CVE-2024-33670

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-33670

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33670.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-33670

Aliases

GHSA-2pg6-vw9c-qhjv

Published

2024-04-26T01:15:46Z

Modified

2025-06-20T04:13:55.490282Z

Summary

[none]

Details

Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page.

References

Affected packages

Git / github.com/passbolt/passbolt_api

Affected ranges

Type: GIT
Repo: https://github.com/passbolt/passbolt_api
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7a80b3fa7bbc34e05e8356a4d3870f8bf459dbd7

Affected versions

3.*

3.6.0

3.6.0-1

3.7.0

3.7.0-1

v1.*

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.5.1

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.9

v2.*

v2.0.0

v2.0.0-rc1

v2.0.0-rc2

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.7

v2.1.0

v2.10.0

v2.11.0

v2.12.0

v2.12.1

v2.13.0

v2.13.1

v2.13.5

v2.2.0

v2.3.0

v2.4

v2.5.0

v2.7.0

v2.7.1

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.9.0

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.1.0

v3.10.0

v3.11.0

v3.11.1

v3.12.0

v3.12.0-rc.1

v3.12.0-rc.2

v3.12.2

v3.12.2-rc.1

v3.2.0

v3.2.0-1

v3.2.1

v3.2.1-1

v3.3.0

v3.3.0-1

v3.3.1

v3.3.1-1

v3.4.0

v3.4.0-1

v3.4.0-2

v3.4.0-3

v3.5.0

v3.5.0-1

v3.5.0-3

v3.6.0

v3.7.0

v3.7.1

v3.7.1-1

v3.7.2

v3.7.2-1

v3.7.3

v3.7.3-1

v3.8.0

v3.8.0-1

v3.8.0-2

v3.8.1

v3.8.1-1

v3.8.3

v3.8.3-1

v3.9.0

v4.*

v4.0.0

v4.0.0-rc.2

v4.0.0-rc.3

v4.0.0-rc.4

v4.0.0-rc.5

v4.0.1

v4.0.1-rc.1

v4.0.2

v4.0.2-rc.1

v4.1.0

v4.1.0-rc.2

v4.1.0-rc.3

v4.1.1

v4.1.1-rc.1

v4.1.1-rc.2

v4.1.2

v4.1.2-rc.2

v4.2.0

v4.2.0-rc.1

v4.2.0-rc.2

v4.2.0-test.1

v4.2.0-test.2

v4.3.0

v4.3.0-rc.1

v4.3.0-test.1

v4.3.0-test.2

v4.4.0

v4.4.0-rc.1

v4.4.0-test.1

v4.4.0-test.2

v4.4.0-test.3

v4.4.1

v4.4.1-test.1

v4.4.1-test.2

v4.4.1-test.3

v4.4.2

v4.4.2-test.1

v4.5.0

v4.5.0-rc.1

v4.5.0-test.1

v4.5.2

v4.5.2-test.1

v4.6.0

v4.6.0-rc.1

v4.6.0-rc.2

v4.6.0-test.1

v4.6.1

v4.6.1-test.1

v4.6.2-test.1

v4.6.2-test.2