CVE-2024-38454

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-38454
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38454.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-38454
Published
2024-06-16T15:15:51.613Z
Modified
2026-04-10T05:14:27.328096Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

ExpressionEngine before 7.4.11 allows XSS.

References

Affected packages

Git / github.com/expressionengine/expressionengine

Affected ranges

Type
GIT
Repo
https://github.com/expressionengine/expressionengine
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d3774b067cea408fd1c062cdcdca8316802d1243
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.4.11"
        }
    ]
}

Affected versions

6.*
6.0.0
6.0.1
6.0.4-dp.1
6.0.4-dp.2
6.0.4-dp.3
6.0.5-dp.1
6.0.6-dp.1
7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.1.0
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
7.2.0
7.2.1
7.2.10
7.2.11
7.2.12
7.2.13
7.2.14
7.2.15
7.2.16
7.2.17
7.2.2
7.2.3
7.2.4
7.2.5
7.2.6
7.2.7
7.2.8
7.2.9
7.3.0
7.3.1
7.3.10
7.3.11
7.3.12
7.3.13
7.3.14
7.3.15
7.3.2
7.3.3
7.3.4
7.3.5
7.3.6
7.3.7
7.3.8
7.3.9
7.4.0
7.4.1
7.4.10
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
7.4.7
7.4.8
7.4.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38454.json"