CVE-2024-22491

Description

A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter.

How to fix CVE-2024-22491

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Maven/com.ibeetl:beetl—no fix listed

Is CVE-2024-22491 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 2.0.0

CVSS scores

References (2)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-22491
• WEBgithub.com/cui2shark/security/blob/main/A%20stored%20cross-site%20scripting%20%28XSS%29%20vulnerability%20was%20discovered%20in%20beetl-bbs%20post%20save.md