#VU127055 Cross-site scripting in Deno - CVE-2024-32468

 

Published: November 25, 2024 / Updated: April 23, 2026


Vulnerability identifier: #VU127055
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-32468
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Deno
Software vendor: Deno Land

Description

The vulnerability allows a remote user to execute arbitrary script in the generated documentation page.

The vulnerability exists due to cross-site scripting in the deno_doc HTML generator when generating HTML documentation from crafted package content. A remote user can include unsanitized names or HTML content in documented code to execute arbitrary script in the generated documentation page.

User interaction is required to open or view the generated documentation.
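
The class of flaw described above, as an added example that is not deno_doc's code: a documentation renderer that interpolates package-controlled names and doc text into HTML, shown beside a form that escapes them at the output point, with a check for markup that did not come from the template. All function names, the template and the sample symbol are constructed for illustration, and doc text is assumed to be plain text rather than rendered Markdown.

```javascript
// Added illustration; not deno_doc's code. All names here are hypothetical.

// Escape the five characters that matter in HTML text and quoted attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak form: symbol name and doc text are interpolated as-is.
function renderSymbolUnsafe(sym) {
  return `<section id="${sym.name}"><h2>${sym.name}</h2><p>${sym.doc}</p></section>`;
}

// Hardened form: every package-controlled value is escaped where it is written out.
function renderSymbol(sym) {
  const name = escapeHtml(sym.name);
  return `<section id="${name}"><h2>${name}</h2><p>${escapeHtml(sym.doc)}</p></section>`;
}

// Check: after removing the template's own tags, is any markup left over?
function hasInjectedMarkup(html) {
  const stripped = html.replace(/<\/?(section|h2|p)( id="[^"<>]*")?>/g, "");
  return /[<>]/.test(stripped);
}

// Constructed sample input: a symbol whose name and doc comment carry markup.
const crafted = {
  name: '"><img src=x onerror=alert(1)>',
  doc: "<script>alert(1)</script>",
};

console.log("unsafe output has injected markup:", hasInjectedMarkup(renderSymbolUnsafe(crafted)));
console.log("escaped output has injected markup:", hasInjectedMarkup(renderSymbol(crafted)));
```

A generator that renders doc comments as Markdown or HTML needs an allow-list sanitizer for that field instead of plain escaping.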


Remediation

Install the security update from the vendor's website.

External links