Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch.
History

Tue, 02 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Jhpyle
Jhpyle docassemble
CPEs cpe:2.3:a:jhpyle:docassemble:*:*:*:*:*:*:*:*
Vendors & Products Jhpyle
Jhpyle docassemble

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-05T15:06:29.373Z

Reserved: 2024-02-22T18:08:38.874Z

Link: CVE-2024-27290

cve-icon Vulnrichment

Updated: 2024-08-02T00:27:59.961Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-21T02:52:19.130

Modified: 2025-09-02T13:42:49.090

Link: CVE-2024-27290

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.