CVE-2024-53272

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-53272

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53272.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-53272

Published

2024-12-11T22:06:56.331Z

Modified

2026-04-10T05:18:21.615454Z

Severity

5.0 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N/E:P CVSS Calculator

Summary

GHSL-2024-109: Reflected XSS in /login in habitica

Details

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The login and social media function in RegisterLoginReset.vue contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53272.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Git / github.com/habitrpg/habitica

Affected ranges

Type: GIT
Repo: https://github.com/habitrpg/habitica
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

50cc66d51cdcdd41f750bcb0c6fa7953fa540beb

Affected versions

Other

2015-04-14-11-04-28

pre-i18n

3.*

3.0.0

3.40.0

v0.*

v0.1

v0.1.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.1.1

v3.1.2

v3.10.0

v3.106.0

v3.106.1

v3.107.0

v3.107.1

v3.108.0

v3.109.0

v3.11.0

v3.110.0

v3.110.1

v3.110.3

v3.111.0

v3.111.1

v3.111.2

v3.111.3

v3.111.4

v3.111.5

v3.111.6

v3.112.0

v3.112.1

v3.112.2

v3.113.0

v3.113.1

v3.113.2

v3.114.0

v3.114.1

v3.115.0

v3.116.0

v3.116.1

v3.12.0

v3.12.1

v3.13.0

v3.14.0

v3.15.0

v3.16.0

v3.17.0

v3.18.0

v3.19.0

v3.2.0

v3.20.0

v3.21.0

v3.21.1

v3.22.0

v3.22.1

v3.23.0

v3.23.1

v3.29.0

v3.29.1

v3.3.1

v3.3.2

v3.3.3

v3.30.0

v3.30.1

v3.30.2

v3.31.0

v3.31.0a

v3.32.0

v3.33.0

v3.33.1

v3.34.0

v3.34.1

v3.35.0

v3.36.0

v3.36.1

v3.38.0

v3.39.0

v3.39.1

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.40.0

v3.41.0

v3.41.1

v3.41.2

v3.41.3

v3.41.4

v3.42.1

v3.43.0

v3.43.1

v3.43.2

v3.44.0

v3.44.1

v3.44.2

v3.44.3

v3.44.4

v3.44.5

v3.45.0

v3.46.0

v3.46.1

v3.46.2

v3.47.0

v3.47.1

v3.47.2

v3.48.0

v3.49.0

v3.5.0

v3.50.0

v3.51.0

v3.51.1

v3.52.0

v3.53.0

v3.53.1

v3.53.2

v3.53.3

v3.53.4

v3.53.5

v3.54.0

v3.55.0

v3.56.0

v3.57.0

v3.57.1

v3.57.2

v3.58.0

v3.58.1

v3.59.0

v3.59.1

v3.6.0

v3.6.1

v3.60.0

v3.61.0

v3.62.0

v3.63.0

v3.64.0

v3.64.1

v3.65.0

v3.65.1

v3.65.2

v3.66.0

v3.66.1

v3.66.2

v3.66.3

v3.67.0

v3.67.1

v3.68.0

v3.69.0

v3.69.1

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.70.0

v3.71.0

v3.72.0

v3.72.1

v3.73.0

v3.73.1

v3.74.0

v3.74.1

v3.75.0

v3.75.1

v3.75.2

v3.75.3

v3.76.0

v3.77.0

v3.79.0

v3.79.1

v3.79.2

v3.8.0

v3.8.1

v3.80.0

v3.83.0

v3.9.0

v4.*

v4.0.5

v4.0.7

v4.0.8

v4.0.9

v4.1.1

v4.1.2

v4.1.4

v4.100.0

v4.100.1

v4.100.2

v4.101.0

v4.101.1

v4.102.0

v4.103.0

v4.103.1

v4.104.0

v4.105.4

v4.106.1

v4.106.2

v4.107.0

v4.107.1

v4.11.1

v4.110.1

v4.110.2

v4.112.1

v4.115.0

v4.115.1

v4.115.2

v4.116.0

v4.116.1

v4.116.4

v4.116.5

v4.116.6

v4.116.7

v4.116.8

v4.119.0

v4.119.1

v4.12.4

v4.12.5

v4.120.1

v4.120.2

v4.121.0

v4.121.1

v4.122.0

v4.123.0

v4.124.0

v4.124.1

v4.125.0

v4.126.0

v4.126.1

v4.127.0

v4.127.1

v4.127.2

v4.127.3

v4.127.4

v4.128.0

v4.128.1

v4.128.2

v4.128.3

v4.129.0

v4.129.1

v4.129.2

v4.129.4

v4.130.2

v4.131.0

v4.132.2

v4.133.0

v4.134.1

v4.134.2

v4.134.3

v4.134.4

v4.136.3

v4.138.1

v4.138.2

v4.138.3

v4.138.4

v4.138.5

v4.138.6

v4.139.0

v4.14.2

v4.140.0

v4.140.1

v4.140.10

v4.140.11

v4.140.12

v4.140.13

v4.140.2

v4.140.3

v4.140.4

v4.140.9

v4.141.1

v4.141.2

v4.141.3

v4.141.4

v4.142.0

v4.142.1

v4.142.2

v4.142.3

v4.143.0

v4.143.1

v4.143.2

v4.143.3

v4.146.6

v4.147.2

v4.147.3

v4.148.0

v4.148.1

v4.148.2

v4.148.3

v4.149.0

v4.149.1

v4.149.2

v4.149.3

v4.15.0

v4.15.1

v4.150.0

v4.151.0

v4.151.1

v4.151.3

v4.151.4

v4.151.5

v4.152.0

v4.152.1

v4.153.1

v4.154.1

v4.155.1

v4.155.2

v4.156.0

v4.156.1

v4.156.2

v4.157.1

v4.158.0

v4.167.0

v4.175.0

v4.175.1

v4.175.2

v4.175.3

v4.175.4

v4.175.5

v4.175.6

v4.175.7

v4.175.8

v4.176.0

v4.177.0

v4.178.0

v4.178.1

v4.178.2

v4.178.3

v4.181.2

v4.181.3

v4.182.0

v4.183.0

v4.183.1

v4.184.0

v4.184.1

v4.184.2

v4.184.3

v4.185.0

v4.186.0

v4.187.0

v4.188.0

v4.188.1

v4.188.2

v4.188.3

v4.188.4

v4.189.0

v4.189.1

v4.189.2

v4.190.0

v4.190.1

v4.191.0

v4.192.0

v4.192.1

v4.192.2

v4.193.0

v4.194.0

v4.195.0

v4.196.0

v4.196.1

v4.197.0

v4.197.1

v4.197.2

v4.198.0

v4.198.1

v4.198.2

v4.199.0

v4.199.1

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.20.3

v4.200.0

v4.201.0

v4.201.1

v4.202.0

v4.208.2

v4.209.0

v4.21.0

v4.210.0

v4.210.1

v4.211.3

v4.211.4

v4.211.5

v4.211.6

v4.211.7

v4.211.8

v4.212.0

v4.212.1

v4.212.2

v4.213.0

v4.214.5

v4.214.6

v4.215.0

v4.215.1

v4.216.0

v4.217.0

v4.22.0

v4.22.1

v4.221.0

v4.23.0

v4.23.1

v4.24.0

v4.24.1

v4.24.2

v4.24.3

v4.24.4

v4.24.5

v4.24.6

v4.241.0

v4.242.1

v4.243.0

v4.243.1

v4.244.0

v4.244.1

v4.245.0

v4.245.1

v4.245.2

v4.249.5

v4.249.6

v4.25.0

v4.258.0

v4.259.1

v4.26.0

v4.260.0

v4.260.1

v4.261.1

v4.262.0

v4.262.1

v4.262.2

v4.263.0

v4.267.0

v4.267.3

v4.268.0

v4.268.1

v4.269.0

v4.269.1

v4.270.1

v4.271.1

v4.271.2

v4.272.0

v4.273.0

v4.275.0

v4.276.0

v4.276.1

v4.276.2

v4.277.0

v4.277.1

v4.277.2

v4.277.3

v4.277.4

v4.28.0

v4.28.1

v4.28.2

v4.29.0

v4.3.0

v4.31.0

v4.31.1

v4.32.0

v4.32.1

v4.33.0

v4.34.0

v4.34.1

v4.34.2

v4.35.0

v4.35.1

v4.36.0

v4.37.1

v4.38.0

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.41.1

v4.41.2

v4.41.3

v4.41.4

v4.41.5

v4.42.1

v4.42.2

v4.42.3

v4.42.5

v4.42.6

v4.43.0

v4.44.1

v4.44.2

v4.45.1

v4.46.0

v4.46.1

v4.46.2

v4.48.0

v4.49.0

v4.51.1

v4.51.3

v4.51.4

v4.52.0

v4.52.1

v4.52.2

v4.53.0

v4.54.0

v4.55.0

v4.55.1

v4.56.0

v4.56.3

v4.57.0

v4.58.0

v4.59.1

v4.60.2

v4.60.4

v4.62.2

v4.62.3

v4.63.0

v4.63.1

v4.63.2

v4.63.3

v4.64.0

v4.64.1

v4.64.2

v4.65.0

v4.65.1

v4.65.2

v4.65.3

v4.65.5

v4.65.6

v4.66.2

v4.67.0

v4.69.2

v4.70.0

v4.71.0

v4.73.1

v4.73.2

v4.74.0

v4.74.1

v4.74.2

v4.74.3

v4.74.4

v4.74.5

v4.75.1

v4.75.2

v4.75.3

v4.75.4

v4.75.5

v4.76.0

v4.76.1

v4.77.0

v4.77.1

v4.77.2

v4.77.3

v4.77.4

v4.77.5

v4.78.2

v4.79.0

v4.80.0

v4.83.1

v4.83.2

v4.84.0

v4.84.1

v4.84.2

v4.84.3

v4.84.4

v4.84.5

v4.84.6

v4.85.4

v4.85.5

v4.86.0

v4.86.1

v4.86.2

v4.87.0

v4.87.1

v4.89.0

v4.9.0

v4.90.1

v4.90.2

v4.90.3

v4.90.4

v4.91.0

v4.91.1

v4.92.0

v4.92.1

v4.92.2

v4.92.3

v4.92.4

v4.92.5

v4.92.6

v4.93.0

v4.93.1

v4.93.2

v4.93.3

v4.93.4

v4.94.0

v4.94.1

v4.95.1

v4.96.0

v4.96.1

v4.97.0

v4.98.0

v4.99.1

v5.*

v5.0.0

v5.0.1

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.1.4

v5.12.1

v5.12.2

v5.14.0

v5.14.1

v5.14.2

v5.15.0

v5.15.1

v5.15.2

v5.16.0

v5.16.1

v5.17.0

v5.17.1

v5.17.2

v5.18.0

v5.18.1

v5.19.0

v5.19.1

v5.2.0

v5.20.0

v5.21.0

v5.22.0

v5.22.1

v5.22.2

v5.22.3

v5.23.0

v5.24.0

v5.24.1

v5.24.2

v5.24.3

v5.25.0

v5.25.1

v5.25.2

v5.26.0

v5.26.2

v5.26.3

v5.27.0

v5.27.1

v5.27.2

v5.27.3

v5.27.4

v5.28.0

v5.28.1

v5.28.2

v5.28.3

v5.28.4

v5.3.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53272.json"