What is CVE-2024-22191?

CVE-2024-22191 is a high-severity vulnerability in Avo-hq Avo, classified under Cross-site Scripting. CVSS score: 7.3/10. Published 2024-01-16.

How severe is CVE-2024-22191?

High severity. CVSS v3 base score is 7.3 out of 10.

XSS in Avo-hq Avo

CVE-2024-22191

Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.013 (79.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N.

Affected products

Avo-hq Avo — versions >= 3.0.0.beta1, < 3.2.4, < 2.47.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/avo-hq/avo/security/advisories/GHSA-ghjv-mh6x-7q6h (x_refsource_CONFIRM)
https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347 (x_refsource_MISC)
https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-22191?: CVE-2024-22191 is a high-severity vulnerability in Avo-hq Avo, classified under Cross-site Scripting. CVSS score: 7.3/10. Published 2024-01-16.
How severe is CVE-2024-22191?: High severity. CVSS v3 base score is 7.3 out of 10.