CVE-2024-32875 | gohugoio hugo up to 0.125.2 Markdown title cross site scripting (GHSA-ppf8-hhpp-f5hj)

Posted by Angelo Barbosa | Apr 24, 2024 | CVE

A vulnerability was found in gohugoio hugo up to 0.125.2. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown Handler. The manipulation of the argument title leads to basic cross site scripting.

This vulnerability was named CVE-2024-32875. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-32875 | gohugoio hugo up to 0.125.2 Markdown title cross site scripting (GHSA-ppf8-hhpp-f5hj)

Related Posts

CVE-2024-0606 | Mozilla Focus up to 122 on iOS javascript URI window.open cross site scripting

CVE-2023-45724 | HCL DRYiCE MyXalytics 5.9/6.0/6.1 improper authentication (KB0109608)

CVE-2024-1850 | AI Post Generator Plugin up to 3.3 on WordPress authorization

CVE-2023-1973 | Red Hat Undertow FormAuthenticationMechanism memory allocation