Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Jhpyle
Jhpyle docassemble |
|
CPEs | cpe:2.3:a:jhpyle:docassemble:*:*:*:*:*:*:*:* | |
Vendors & Products |
Jhpyle
Jhpyle docassemble |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-05T15:06:29.373Z
Reserved: 2024-02-22T18:08:38.874Z
Link: CVE-2024-27290

Updated: 2024-08-02T00:27:59.961Z

Status : Analyzed
Published: 2024-03-21T02:52:19.130
Modified: 2025-09-02T13:42:49.090
Link: CVE-2024-27290

No data.

No data.