2024-11-19 21:00:31 +00:00
{
2024-12-12 01:00:54 +00:00
"data_version" : "4.0" ,
2024-11-19 21:00:31 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2024-53274" ,
2024-12-12 01:00:54 +00:00
"ASSIGNER" : "security-advisories@github.com" ,
"STATE" : "PUBLIC"
2024-11-19 21:00:31 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2024-12-12 01:00:54 +00:00
"value" : "Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability. Arbitrary javascript can be executed by the attacker in the context of the victim\u2019s session. Version 5.28.5 contains a patch."
2024-11-19 21:00:31 +00:00
}
]
2024-12-12 01:00:54 +00:00
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" ,
"cweId" : "CWE-79"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "HabitRPG" ,
"product" : {
"product_data" : [
{
"product_name" : "habatica" ,
"version" : {
"version_data" : [
{
"version_affected" : "=" ,
"version_value" : "< 5.28.5"
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/" ,
"refsource" : "MISC" ,
"name" : "https://securitylab.github.com/advisories/GHSL-2024-109_GHSL-2024-111_habitica/"
} ,
{
"url" : "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf" ,
"refsource" : "MISC" ,
"name" : "https://github.com/HabitRPG/habitica/commit/946ade5da1f52a804ef2ba76d49416c43e8166bf"
}
]
} ,
"source" : {
"advisory" : "GHSA-fg8h-qqm8-5wpr" ,
"discovery" : "UNKNOWN"
2024-11-19 21:00:31 +00:00
}
}
