CVE-2024-38274 — Insufficient escaping of calendar event titles resulted in a stored XSS risk in ... | CVE Daily

Medium CVSS 6.1

Overview

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.

CWE: CWE-79 Published: 2024-06-18T20:15:13.860

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.1 (MEDIUM)
Detected tags: stored_xss, xss (tag impact: MODERATE)

Recommended actions:

Sanitize stored input and enforce CSP.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags