Home > Vulnerability Database > CVE-2024-46976

Mend.io Vulnerability Database

CVE-2024-46976

Good to know:

Date: September 17, 2024

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: TYPE_SCRIPT

Severity Score

6.5

Related Resources (4)

Url: https://github.com/backstage/backstage/security/advisories/GHSA-5j94-f3mf-8685

Url: https://github.com/backstage/backstage

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-46976

Url: https://www.mend.io/vulnerability-database/CVE-2024-46976

Severity Score

6.5

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Protection Mechanism Failure

CWE-693

Top Fix

Upgrade Version

Upgrade to version @backstage/plugin-techdocs-backend - 1.10.13

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-46976

Good to know:

Date: September 17, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?