CVE-2024-22414 - OpenCVE

flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary javascript code. The html template `user.html` contains the following code snippet to render comments made by a user: `<div class="content" tag="content">{{comment[2]|safe}}</div>`. Use of the "safe" tag causes flask to _not_ escape the rendered content. To remediate this, simply remove the `|safe` tag from the HTML above. No fix is is available and users are advised to manually edit their installation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dogukanurker	Flaskblog

Configuration 1 [-]

cpe:2.3:a:dogukanurker:flaskblog:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/DogukanUrker/flaskBlog/security/advisories/GHSA-mrcw-j96f-p6v6

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-17T20:25:29.629Z

Updated: 2024-08-01T22:43:34.920Z

Reserved: 2024-01-10T15:09:55.551Z

Link: CVE-2024-22414

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-17T21:15:12.100

Modified: 2024-01-26T18:50:02.263

Link: CVE-2024-22414

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22414", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-10T15:09:55.551Z", "datePublished": "2024-01-17T20:25:29.629Z", "dateUpdated": "2024-08-01T22:43:34.920Z"}, "containers": {"cna": {"title": "User profile page vulnerable to Cross Site Scripting (XSS) in flaskBlog", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/DogukanUrker/flaskBlog/security/advisories/GHSA-mrcw-j96f-p6v6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/DogukanUrker/flaskBlog/security/advisories/GHSA-mrcw-j96f-p6v6"}], "affected": [{"vendor": "DogukanUrker", "product": "flaskBlog", "versions": [{"version": "*", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-17T20:25:29.629Z"}, "descriptions": [{"lang": "en", "value": "flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary javascript code. The html template `user.html` contains the following code snippet to render comments made by a user: `<div class=\"content\" tag=\"content\">{{comment[2]|safe}}</div>`. Use of the \"safe\" tag causes flask to _not_ escape the rendered content. To remediate this, simply remove the `|safe` tag from the HTML above. No fix is is available and users are advised to manually edit their installation."}], "source": {"advisory": "GHSA-mrcw-j96f-p6v6", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.920Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/DogukanUrker/flaskBlog/security/advisories/GHSA-mrcw-j96f-p6v6", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/DogukanUrker/flaskBlog/security/advisories/GHSA-mrcw-j96f-p6v6"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dogukanurker:flaskblog:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CCDE123-D7EB-4E6B-BB34-7F1E2114F770", "versionEndIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary javascript code. The html template `user.html` contains the following code snippet to render comments made by a user: `<div class=\"content\" tag=\"content\">{{comment[2]|safe}}</div>`. Use of the \"safe\" tag causes flask to _not_ escape the rendered content. To remediate this, simply remove the `|safe` tag from the HTML above. No fix is is available and users are advised to manually edit their installation."}, {"lang": "es", "value": "flaskBlog es una aplicaci\u00f3n de blog sencilla creada con Flask. El almacenamiento y la representaci\u00f3n inadecuados de la p\u00e1gina `/user/` permiten que los comentarios de un usuario ejecuten c\u00f3digo javascript arbitrario. La plantilla html `user.html` contiene el siguiente fragmento de c\u00f3digo para representar los comentarios realizados por un usuario: `{{comment[2]|safe}}` . El uso de la etiqueta \"safe\" hace que flask _not_ escape del contenido renderizado. Para remediar esto, simplemente elimine la etiqueta `|safe` del HTML anterior. No hay ninguna soluci\u00f3n disponible y se recomienda a los usuarios que editen manualmente su instalaci\u00f3n."}], "id": "CVE-2024-22414", "lastModified": "2024-01-26T18:50:02.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-17T21:15:12.100", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/DogukanUrker/flaskBlog/security/advisories/GHSA-mrcw-j96f-p6v6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}