govuk_tech_docs XSS Vulnerability

Advisories

severity: medium
date: January 4, 2024
Affecting: govuk_tech_docs versions starting at 2.0.2 up to 3.3.1
CVE: CVE-2024-22048
CVE type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 5.8
CVSS V3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
References: Vendor Advisory
Patch
Related Link
Third Party Advisory