CVE-2024-27290 Information

Description

Docassemble is an expert system for guided interviews and document assembly. Prior to version 1.4.97, a user could type HTML into a field, including the field for the user's name, and that HTML could then be displayed on the screen as HTML rather than as escaped text. The vulnerability has been patched in version 1.4.97 of the master branch.

Reference

https://github.com/jhpyle/docassemble/security/advisories/GHSA-pcfx-g2j2-f6f6
https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa
