CVE-2024-38527 (GCVE-0-2024-38527)

Vulnerability from cvelistv5 – Published: 2024-06-26 19:33 – Updated: 2024-08-02 04:12
VLAI?
Title
Cross-site Scripting in ZenUML
Summary
ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,
Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
mermaid-js zenuml-core Affected: < 3.23.25
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mermaidjs:zenuml-core:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "zenuml-core",
            "vendor": "mermaidjs",
            "versions": [
              {
                "lessThanOrEqual": "3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38527",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-27T19:02:31.612648Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-27T19:04:37.531Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.179Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h"
          },
          {
            "name": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "zenuml-core",
          "vendor": "mermaid-js",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.23.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-26T19:33:46.575Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h"
        },
        {
          "name": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c"
        }
      ],
      "source": {
        "advisory": "GHSA-q6xv-jm4v-349h",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-site Scripting in ZenUML"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-38527",
    "datePublished": "2024-06-26T19:33:46.575Z",
    "dateReserved": "2024-06-18T16:37:02.728Z",
    "dateUpdated": "2024-08-02T04:12:25.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-38527\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-06-26T20:15:16.020\",\"lastModified\":\"2024-11-21T09:26:11.813\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,\"},{\"lang\":\"es\",\"value\":\"ZenUML es una herramienta de diagramaci\u00f3n basada en JavaScript que no requiere servidor y utiliza definiciones de texto inspiradas en Markdown y un renderizador para crear y modificar diagramas de secuencia. Los comentarios basados en Markdown en la sintaxis del diagrama ZenUML son susceptibles a Cross-site Scripting (XSS). La funci\u00f3n de comentarios permite al usuario adjuntar peque\u00f1as notas como referencia. Esta funci\u00f3n permite al usuario ingresar su comentario en un comentario de markdown, lo que le permite utilizar funciones de markdown comunes, como `**` para texto en negrita. Sin embargo, el texto de markdown actualmente no se sanitiza antes de renderizarlo, lo que permite a un atacante ingresar un payload malicioso para el comentario que conduce a XSS. Esto pone a las aplicaciones existentes que usan ZenUML sin sandbox en riesgo de ejecuci\u00f3n arbitraria de JavaScript al representar diagramas controlados por el usuario. Esta vulnerabilidad fue parcheada en la versi\u00f3n 3.23.25,\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h\", \"name\": \"https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c\", \"name\": \"https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:12:25.179Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38527\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-27T19:02:31.612648Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:mermaidjs:zenuml-core:*:*:*:*:*:*:*:*\"], \"vendor\": \"mermaidjs\", \"product\": \"zenuml-core\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.0.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-27T19:04:29.231Z\"}}], \"cna\": {\"title\": \"Cross-site Scripting in ZenUML\", \"source\": {\"advisory\": \"GHSA-q6xv-jm4v-349h\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"mermaid-js\", \"product\": \"zenuml-core\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.23.25\"}]}], \"references\": [{\"url\": \"https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h\", \"name\": \"https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c\", \"name\": \"https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-06-26T19:33:46.575Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-38527\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T04:12:25.179Z\", \"dateReserved\": \"2024-06-18T16:37:02.728Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-06-26T19:33:46.575Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.