CVE-2024-25873 Information

Description

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

Reference

https://github.com/dd3x3r/enhavo/blob/main/html-injection-page-content-blockquote-author-v0.13.1.md https://www.enhavo.com/