CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-28434

The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.0%

CVSS Severity

CVSS v3 Score 7.6

References

https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434
https://github.com/twentyhq/twenty
https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434
https://github.com/twentyhq/twenty

Products affected by CVE-2024-28434

Twenty » Twenty » Version: 0.3.0

cpe:2.3:a:twenty:twenty:0.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-28434

Products

Pricing

Contact Us