CVE-2024-53272
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53272
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53272.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-53272
- Published
- 2024-12-11T22:06:56.331Z
- Modified
- 2025-12-05T07:33:31.335246Z
- Severity
-
- 5.0 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N/E:P CVSS Calculator
- Summary
- GHSL-2024-109: Reflected XSS in /login in habitica
- Details
-
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The
loginandsocial mediafunction inRegisterLoginReset.vuecontains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify a maliciousredirectToparameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch. - Database specific
{ "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53272.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/habitrpg/habitica
Affected ranges
- Type
- GIT
- Repo
- https://github.com/habitrpg/habitica
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
2015-04-14-11-04-28
pre-i18n
3.*
3.0.0
3.40.0
v0.*
v0.1
v0.1.1
v1.*
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.1.0
v3.1.1
v3.1.2
v3.10.0
v3.100.0
v3.101.0
v3.101.1
v3.101.2
v3.102.0
v3.102.1
v3.102.2
v3.102.3
v3.103.0
v3.104.0
v3.104.1
v3.105.0
v3.105.1
v3.105.2
v3.106.0
v3.106.1
v3.107.0
v3.107.1
v3.108.0
v3.109.0
v3.11.0
v3.110.0
v3.110.1
v3.110.3
v3.111.0
v3.111.1
v3.111.2
v3.111.3
v3.111.4
v3.111.5
v3.111.6
v3.112.0
v3.112.1
v3.112.2
v3.113.0
v3.113.1
v3.113.2
v3.114.0
v3.114.1
v3.115.0
v3.116.0
v3.116.1
v3.12.0
v3.12.1
v3.13.0
v3.14.0
v3.15.0
v3.16.0
v3.17.0
v3.18.0
v3.19.0
v3.2.0
v3.20.0
v3.21.0
v3.21.1
v3.22.0
v3.22.1
v3.23.0
v3.23.1
v3.24.0
v3.24.1
v3.25.0
v3.25.1
v3.25.2
v3.25.3
v3.26.0
v3.27.0
v3.28.0
v3.29.0
v3.29.1
v3.3.1
v3.3.2
v3.3.3
v3.30.0
v3.30.1
v3.30.2
v3.31.0
v3.31.0a
v3.32.0
v3.33.0
v3.33.1
v3.34.0
v3.34.1
v3.35.0
v3.36.0
v3.36.1
v3.38.0
v3.39.0
v3.39.1
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.40.0
v3.41.0
v3.41.1
v3.41.2
v3.41.3
v3.41.4
v3.42.0
v3.42.1
v3.43.0
v3.43.1
v3.43.2
v3.44.0
v3.44.1
v3.44.2
v3.44.3
v3.44.4
v3.44.5
v3.45.0
v3.46.0
v3.46.1
v3.46.2
v3.47.0
v3.47.1
v3.47.2
v3.48.0
v3.49.0
v3.5.0
v3.50.0
v3.51.0
v3.51.1
v3.52.0
v3.53.0
v3.53.1
v3.53.2
v3.53.3
v3.53.4
v3.53.5
v3.54.0
v3.55.0
v3.56.0
v3.57.0
v3.57.1
v3.57.2
v3.58.0
v3.58.1
v3.59.0
v3.59.1
v3.6.0
v3.6.1
v3.60.0
v3.61.0
v3.62.0
v3.63.0
v3.64.0
v3.64.1
v3.65.0
v3.65.1
v3.65.2
v3.66.0
v3.66.1
v3.66.2
v3.66.3
v3.67.0
v3.67.1
v3.68.0
v3.69.0
v3.69.1
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.70.0
v3.71.0
v3.72.0
v3.72.1
v3.73.0
v3.73.1
v3.74.0
v3.74.1
v3.75.0
v3.75.1
v3.75.2
v3.75.3
v3.76.0
v3.77.0
v3.78.0
v3.79.0
v3.79.1
v3.79.2
v3.8.0
v3.8.1
v3.80.0
v3.80.1
v3.83.0
v3.83.1
v3.84.1
v3.84.2
v3.84.3
v3.85.0
v3.86.0
v3.87.0
v3.87.1
v3.88.0
v3.88.1
v3.89.0
v3.9.0
v3.90.0
v3.90.1
v3.90.2
v3.91.0
v3.91.1
v3.91.2
v3.92.0
v3.93.0
v3.93.1
v3.93.2
v3.94.0
v3.94.1
v3.95.0
v3.96.1
v3.96.2
v3.97.0
v3.97.1
v3.97.2
v3.98.0
v3.98.1
v3.99.0
v3.99.1
v4.*
v4.0.0
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.7
v4.0.8
v4.0.9
v4.1.1
v4.1.2
v4.1.4
v4.10.0
v4.10.1
v4.100.0
v4.100.1
v4.100.2
v4.101.0
v4.101.1
v4.102.0
v4.103.0
v4.103.1
v4.104.0
v4.104.1
v4.104.2
v4.105.0
v4.105.1
v4.105.2
v4.105.3
v4.105.4
v4.106.0
v4.106.1
v4.106.2
v4.107.0
v4.107.1
v4.107.2
v4.107.3
v4.108.0
v4.109.0
v4.109.1
v4.11.0
v4.11.1
v4.110.0
v4.110.1
v4.110.2
v4.111.0
v4.111.1
v4.112.0
v4.112.1
v4.113.0
v4.113.1
v4.114.0
v4.115.0
v4.115.1
v4.115.2
v4.116.0
v4.116.1
v4.116.3
v4.116.4
v4.116.5
v4.116.6
v4.116.7
v4.116.8
v4.117.0
v4.118.0
v4.119.0
v4.119.1
v4.119.2
v4.12.0
v4.12.1
v4.12.2
v4.12.3
v4.12.4
v4.12.5
v4.12.6
v4.120.0
v4.120.1
v4.120.2
v4.121.0
v4.121.1
v4.122.0
v4.123.0
v4.124.0
v4.124.1
v4.125.0
v4.126.0
v4.126.1
v4.127.0
v4.127.1
v4.127.2
v4.127.3
v4.127.4
v4.128.0
v4.128.1
v4.128.2
v4.128.3
v4.129.0
v4.129.1
v4.129.2
v4.129.3
v4.129.4
v4.13.1
v4.13.2
v4.13.3
v4.13.4
v4.130.0
v4.130.1
v4.130.2
v4.131.0
v4.131.1
v4.131.2
v4.131.3
v4.131.4
v4.132.0
v4.132.1
v4.132.2
v4.132.3
v4.133.0
v4.133.1
v4.134.0
v4.134.1
v4.134.2
v4.134.3
v4.134.4
v4.135.0
v4.135.1
v4.136.0
v4.136.1
v4.136.2
v4.136.3
v4.136.4
v4.137.0
v4.137.1
v4.138.0
v4.138.1
v4.138.2
v4.138.3
v4.138.4
v4.138.5
v4.138.6
v4.139.0
v4.14.0
v4.14.1
v4.14.2
v4.140.0
v4.140.1
v4.140.10
v4.140.11
v4.140.12
v4.140.13
v4.140.14
v4.140.2
v4.140.3
v4.140.4
v4.140.5
v4.140.6
v4.140.7
v4.140.8
v4.140.9
v4.141.0
v4.141.1
v4.141.2
v4.141.3
v4.141.4
v4.142.0
v4.142.1
v4.142.2
v4.142.3
v4.143.0
v4.143.1
v4.143.2
v4.143.3
v4.144.0
v4.145.0
v4.145.1
v4.146.0
v4.146.1
v4.146.2
v4.146.3
v4.146.4
v4.146.5
v4.146.6
v4.146.7
v4.147.0
v4.147.1
v4.147.2
v4.147.3
v4.148.0
v4.148.1
v4.148.2
v4.148.3
v4.149.0
v4.149.1
v4.149.2
v4.149.3
v4.15.0
v4.15.1
v4.15.2
v4.15.3
v4.150.0
v4.151.0
v4.151.1
v4.151.3
v4.151.4
v4.151.5
v4.152.0
v4.152.1
v4.152.2
v4.152.3
v4.153.0
v4.153.1
v4.154.0
v4.154.1
v4.155.0
v4.155.1
v4.155.2
v4.156.0
v4.156.1
v4.156.2
v4.156.3
v4.157.0
v4.157.1
v4.158.0
v4.159.0
v4.159.1
v4.16.0
v4.16.1
v4.16.2
v4.160.0
v4.160.1
v4.161.0
v4.161.1
v4.161.2
v4.161.3
v4.161.4
v4.162.0
v4.163.0
v4.164.0
v4.165.0
v4.165.1
v4.165.2
v4.165.3
v4.166.0
v4.166.1
v4.166.2
v4.167.0
v4.167.1
v4.167.2
v4.168.0
v4.168.1
v4.168.2
v4.168.3
v4.169.0
v4.169.1
v4.169.2
v4.17.0
v4.170.0
v4.170.1
v4.171.0
v4.171.1
v4.172.0
v4.172.1
v4.173.0
v4.174.0
v4.175.0
v4.175.1
v4.175.2
v4.175.3
v4.175.4
v4.175.5
v4.175.6
v4.175.7
v4.175.8
v4.176.0
v4.177.0
v4.178.0
v4.178.1
v4.178.2
v4.178.3
v4.178.4
v4.179.0
v4.179.1
v4.18.0
v4.18.1
v4.180.0
v4.181.0
v4.181.1
v4.181.2
v4.181.3
v4.182.0
v4.183.0
v4.183.1
v4.184.0
v4.184.1
v4.184.2
v4.184.3
v4.185.0
v4.186.0
v4.187.0
v4.188.0
v4.188.1
v4.188.2
v4.188.3
v4.188.4
v4.189.0
v4.189.1
v4.189.2
v4.19.0
v4.19.1
v4.190.0
v4.190.1
v4.191.0
v4.192.0
v4.192.1
v4.192.2
v4.193.0
v4.194.0
v4.195.0
v4.196.0
v4.196.1
v4.197.0
v4.197.1
v4.197.2
v4.198.0
v4.198.1
v4.198.2
v4.199.0
v4.199.1
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.20.0
v4.20.1
v4.20.2
v4.20.3
v4.200.0
v4.201.0
v4.201.1
v4.202.0
v4.203.0
v4.203.1
v4.204.0
v4.204.1
v4.204.2
v4.205.0
v4.205.1
v4.205.2
v4.205.3
v4.205.4
v4.206.0
v4.206.1
v4.206.2
v4.207.0
v4.207.1
v4.207.2
v4.208.0
v4.208.1
v4.208.2
v4.209.0
v4.21.0
v4.210.0
v4.210.1
v4.210.2
v4.211.0
v4.211.1
v4.211.2
v4.211.3
v4.211.4
v4.211.5
v4.211.6
v4.211.7
v4.211.8
v4.212.0
v4.212.1
v4.212.2
v4.213.0
v4.214.0
v4.214.1
v4.214.2
v4.214.3
v4.214.4
v4.214.5
v4.214.6
v4.215.0
v4.215.1
v4.216.0
v4.217.0
v4.218.0
v4.219.0
v4.219.1
v4.22.0
v4.22.1
v4.220.0
v4.221.0
v4.221.1
v4.221.3
v4.222.0
v4.222.1
v4.222.2
v4.223.0
v4.224.0
v4.224.1
v4.224.2
v4.224.3
v4.225.0
v4.225.1
v4.225.2
v4.225.3
v4.225.4
v4.226.0
v4.226.1
v4.227.0
v4.228.0
v4.228.1
v4.228.2
v4.228.3
v4.228.4
v4.229.0
v4.229.1
v4.229.2
v4.23.0
v4.23.1
v4.230.0
v4.230.1
v4.230.2
v4.230.3
v4.231.0
v4.232.0
v4.232.1
v4.232.2
v4.233.0
v4.233.1
v4.233.2
v4.233.3
v4.234.0
v4.234.1
v4.234.2
v4.235.0
v4.235.1
v4.236.0
v4.236.1
v4.236.2
v4.236.3
v4.237.0
v4.237.1
v4.238.0
v4.238.1
v4.239.0
v4.24.0
v4.24.1
v4.24.2
v4.24.3
v4.24.4
v4.24.5
v4.24.6
v4.240.0
v4.241.0
v4.241.2
v4.241.3
v4.241.4
v4.242.0
v4.242.1
v4.243.0
v4.243.1
v4.244.0
v4.244.1
v4.245.0
v4.245.1
v4.245.2
v4.246.0
v4.247.0
v4.248.1
v4.248.2
v4.248.3
v4.248.4
v4.249.0
v4.249.1
v4.249.2
v4.249.3
v4.249.4
v4.249.5
v4.249.6
v4.249.7
v4.25.0
v4.250.0
v4.250.1
v4.251.0
v4.252.0
v4.252.1
v4.252.2
v4.253.0
v4.254.0
v4.254.1
v4.254.2
v4.255.0
v4.255.1
v4.255.2
v4.256.0
v4.257.0
v4.258.0
v4.258.1
v4.258.2
v4.259.0
v4.259.1
v4.26.0
v4.26.1
v4.26.2
v4.26.3
v4.260.0
v4.260.1
v4.261.1
v4.262.0
v4.262.1
v4.262.2
v4.263.0
v4.263.1
v4.264.0
v4.264.1
v4.264.2
v4.264.3
v4.264.4
v4.265.0
v4.266.0
v4.267.0
v4.267.1
v4.267.2
v4.267.3
v4.268.0
v4.268.1
v4.269.0
v4.269.1
v4.27.0
v4.27.1
v4.27.2
v4.27.3
v4.27.4
v4.270.1
v4.270.2
v4.270.3
v4.271.0
v4.271.1
v4.271.2
v4.272.0
v4.273.0
v4.273.1
v4.273.2
v4.273.3
v4.274.0
v4.275.0
v4.276.0
v4.276.1
v4.276.2
v4.277.0
v4.277.1
v4.277.2
v4.277.3
v4.277.4
v4.28.0
v4.28.1
v4.28.2
v4.29.0
v4.29.1
v4.29.2
v4.29.3
v4.29.4
v4.29.5
v4.29.6
v4.29.7
v4.29.8
v4.3.0
v4.30.0
v4.31.0
v4.31.1
v4.32.0
v4.32.1
v4.33.0
v4.33.1
v4.33.2
v4.34.0
v4.34.1
v4.34.2
v4.35.0
v4.35.1
v4.36.0
v4.37.0
v4.37.1
v4.37.2
v4.38.0
v4.39.0
v4.39.1
v4.39.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.40.0
v4.40.1
v4.41.0
v4.41.1
v4.41.2
v4.41.3
v4.41.4
v4.41.5
v4.41.7
v4.41.8
v4.42.0
v4.42.1
v4.42.2
v4.42.3
v4.42.4
v4.42.5
v4.42.6
v4.43.0
v4.43.1
v4.44.0
v4.44.1
v4.44.2
v4.44.3
v4.45.0
v4.45.1
v4.46.0
v4.46.1
v4.46.2
v4.47.0
v4.48.0
v4.48.1
v4.49.0
v4.49.1
v4.5.0
v4.50.0
v4.50.1
v4.50.2
v4.50.3
v4.50.4
v4.50.5
v4.50.6
v4.51.0
v4.51.1
v4.51.2
v4.51.3
v4.51.4
v4.52.0
v4.52.1
v4.52.2
v4.53.0
v4.54.0
v4.55.0
v4.55.1
v4.56.0
v4.56.1
v4.56.2
v4.56.3
v4.57.0
v4.57.1
v4.57.2
v4.57.3
v4.57.4
v4.58.0
v4.59.0
v4.59.1
v4.59.2
v4.6.0
v4.6.1
v4.6.2
v4.6.3
v4.60.0
v4.60.1
v4.60.2
v4.60.3
v4.60.4
v4.60.5
v4.61.0
v4.61.1
v4.62.0
v4.62.1
v4.62.2
v4.62.3
v4.63.0
v4.63.1
v4.63.2
v4.63.3
v4.64.0
v4.64.1
v4.64.2
v4.65.0
v4.65.1
v4.65.2
v4.65.3
v4.65.4
v4.65.5
v4.65.6
v4.65.7
v4.66.0
v4.66.1
v4.66.2
v4.67.0
v4.67.1
v4.68.0
v4.68.1
v4.69.0
v4.69.1
v4.69.2
v4.7.0
v4.7.1
v4.70.0
v4.71.0
v4.72.0
v4.73.0
v4.73.1
v4.73.2
v4.74.0
v4.74.1
v4.74.2
v4.74.3
v4.74.4
v4.74.5
v4.74.6
v4.74.7
v4.75.0
v4.75.1
v4.75.2
v4.75.3
v4.75.4
v4.75.5
v4.76.0
v4.76.1
v4.77.0
v4.77.1
v4.77.2
v4.77.3
v4.77.4
v4.77.5
v4.77.6
v4.78.0
v4.78.1
v4.78.2
v4.79.0
v4.8.0
v4.80.0
v4.80.1
v4.80.2
v4.80.3
v4.80.4
v4.80.5
v4.80.6
v4.80.7
v4.80.8
v4.80.9
v4.81.0
v4.81.1
v4.82.0
v4.82.1
v4.82.2
v4.82.3
v4.83.1
v4.83.2
v4.84.0
v4.84.1
v4.84.2
v4.84.3
v4.84.4
v4.84.5
v4.84.6
v4.84.7
v4.84.8
v4.85.0
v4.85.1
v4.85.2
v4.85.3
v4.85.4
v4.85.5
v4.86.0
v4.86.1
v4.86.2
v4.87.0
v4.87.1
v4.87.2
v4.87.3
v4.88.0
v4.89.0
v4.9.0
v4.9.1
v4.90.0
v4.90.1
v4.90.2
v4.90.3
v4.90.4
v4.91.0
v4.91.1
v4.91.2
v4.92.0
v4.92.1
v4.92.2
v4.92.3
v4.92.4
v4.92.5
v4.92.6
v4.93.0
v4.93.1
v4.93.2
v4.93.3
v4.93.4
v4.94.0
v4.94.1
v4.95.0
v4.95.1
v4.96.0
v4.96.1
v4.97.0
v4.98.0
v4.98.1
v4.99.0
v4.99.1
v5.*
v5.0.0
v5.0.1
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.10.0
v5.11.0
v5.11.1
v5.12.0
v5.12.1
v5.12.2
v5.13.0
v5.13.1
v5.13.2
v5.14.0
v5.14.1
v5.14.2
v5.15.0
v5.15.1
v5.15.2
v5.16.0
v5.16.1
v5.17.0
v5.17.1
v5.17.2
v5.18.0
v5.18.1
v5.19.0
v5.19.1
v5.2.0
v5.20.0
v5.21.0
v5.22.0
v5.22.1
v5.22.2
v5.22.3
v5.23.0
v5.24.0
v5.24.1
v5.24.2
v5.24.3
v5.25.0
v5.25.1
v5.25.2
v5.25.3
v5.25.4
v5.25.5
v5.25.6
v5.25.7
v5.25.8
v5.26.0
v5.26.1
v5.26.2
v5.26.3
v5.27.0
v5.27.1
v5.27.2
v5.27.3
v5.27.4
v5.28.0
v5.28.1
v5.28.2
v5.28.3
v5.28.4
v5.3.0
v5.4.0
v5.4.1
v5.5.0
v5.6.0
v5.7.0
v5.8.0
v5.9.0
v5.9.1