CVE-2024-37116

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS.This issue affects Sinatra: from n/a through 1.3.

Published: Jul 22, 2024
Updated: Jul 26, 2024
CVE: CVE-2024-37116
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
sinatrateam / sinatra	-	1.3.x

https://patchstack.com/database/vulnerability/sinatra/wordpress-sinatra-theme-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve

Vulnerability Database

289,697

CVE-2024-37116