{"id":"CVE-2024-27290","summary":"Docassemble HTML and JavaScript injection","details":"Docassemble is an expert system for guided interviews and document assembly. Prior to version 1.4.97, a user could type HTML into a field, including the field for the user's name, and that input could then be rendered on the screen as HTML instead of being escaped (cross-site scripting, CWE-79). The vulnerability has been patched in version 1.4.97 of the master branch.","aliases":["GHSA-pcfx-g2j2-f6f6"],"modified":"2026-04-10T05:11:51.610271Z","published":"2024-02-29T21:44:18.512Z","database_specific":{"cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27290.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27290.json"},{"type":"ADVISORY","url":"https://github.com/jhpyle/docassemble/security/advisories/GHSA-pcfx-g2j2-f6f6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27290"},{"type":"FIX","url":"https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jhpyle/docassemble","events":[{"introduced":"0"},{"fixed":"539aeae12cd08cb5c951a3e51fe317b38e4fb9e7"}]}],"versions":["v0.1.10","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.17","v0.1.18","v0.1.19","v0.1.20","v0.1.21","v0.1.22","v0.1.24","v0.1.25","v0.1.26","v0.1.27","v0.1.28","v0.1.29","v0.1.30","v0.1.31","v0.1.32","v0.1.33","v0.1.34","v0.1.35","v0.1.36","v0.1.37","v0.1.38","v0.1.39","v0.1.4","v0.1.40","v0.1.41","v0.1.42","v0.1.43","v0.1.44","v0.1.45","v0.1.46","v0.1.47","v0.1.48","v0.1.49","v0.1.5","v0.1.50","v0.1.51","v0.1.52","v0.1.53","v0.1.54","v0.1.55","v0.1.56","v0.1.57","v0.1.58","v0.1.59","v0.1.6","v0.1.60","v0.1.61","v0.1.62","v0.1.63","v0.1.64","v0.1.65","v0.1.66","v0.1.67","v0.1.68","v0.1.69","v0.1.7","v0.1.70","v0.1.71","v0.1.72","v0.1.73","v0.1.74","v0.1.75","v0.1.76","v0.1.77","v0.
1.78","v0.1.79","v0.1.8","v0.1.80","v0.1.81","v0.1.82","v0.1.83","v0.1.84","v0.1.85","v0.1.86","v0.1.87","v0.1.88","v0.1.89","v0.1.9","v0.1.90","v0.1.91","v0.1.92","v0.1.93","v0.1.94","v0.1.95","v0.1.96","v0.1.97","v0.1.98","v0.1.99","v0.2.0","v0.2.1","v0.2.10","v0.2.100","v0.2.101","v0.2.102","v0.2.11","v0.2.12","v0.2.13","v0.2.14","v0.2.15","v0.2.16","v0.2.17","v0.2.18","v0.2.19","v0.2.2","v0.2.20","v0.2.21","v0.2.22","v0.2.23","v0.2.24","v0.2.25","v0.2.26","v0.2.27","v0.2.28","v0.2.29","v0.2.3","v0.2.30","v0.2.31","v0.2.32","v0.2.33","v0.2.34","v0.2.35","v0.2.36","v0.2.37","v0.2.38","v0.2.39","v0.2.4","v0.2.40","v0.2.41","v0.2.42","v0.2.43","v0.2.44","v0.2.5","v0.2.50","v0.2.51","v0.2.52","v0.2.53","v0.2.54","v0.2.55","v0.2.56","v0.2.57","v0.2.58","v0.2.59","v0.2.6","v0.2.60","v0.2.61","v0.2.62","v0.2.63","v0.2.64","v0.2.65","v0.2.66","v0.2.67","v0.2.68","v0.2.69","v0.2.7","v0.2.70","v0.2.71","v0.2.72","v0.2.73","v0.2.74","v0.2.75","v0.2.76","v0.2.77","v0.2.78","v0.2.79","v0.2.8","v0.2.80","v0.2.81","v0.2.82","v0.2.83","v0.2.84","v0.2.85","v0.2.86","v0.2.87","v0.2.88","v0.2.89","v0.2.9","v0.2.90","v0.2.91","v0.2.92","v0.2.93","v0.2.94","v0.2.95","v0.2.96","v0.2.97","v0.2.98","v0.2.99","v0.3.0","v0.3.1","v0.3.10","v0.3.11","v0.3.12","v0.3.13","v0.3.14","v0.3.15","v0.3.16","v0.3.17","v0.3.18","v0.3.19","v0.3.2","v0.3.20","v0.3.21","v0.3.22","v0.3.23","v0.3.24","v0.3.25","v0.3.26","v0.3.27","v0.3.28","v0.3.29","v0.3.3","v0.3.30","v0.3.31","v0.3.32","v0.3.33","v0.3.34","v0.3.35","v0.3.36","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.3.9","v0.4.0","v0.4.1","v0.4.10","v0.4.11","v0.4.12","v0.4.13","v0.4.14","v0.4.15","v0.4.16","v0.4.17","v0.4.18","v0.4.19","v0.4.2","v0.4.20","v0.4.21","v0.4.22","v0.4.23","v0.4.24","v0.4.25","v0.4.26","v0.4.27","v0.4.29","v0.4.3","v0.4.30","v0.4.31","v0.4.32","v0.4.33","v0.4.34","v0.4.35","v0.4.36","v0.4.37","v0.4.38","v0.4.39","v0.4.4","v0.4.40","v0.4.41","v0.4.42","v0.4.43","v0.4.44","v0.4.45","v0.4.46","v0.4.47","v0.4.48","v0.4.49
","v0.4.5","v0.4.50","v0.4.51","v0.4.52","v0.4.53","v0.4.54","v0.4.55","v0.4.56","v0.4.57","v0.4.58","v0.4.59","v0.4.6","v0.4.60","v0.4.61","v0.4.62","v0.4.63","v0.4.64","v0.4.65","v0.4.66","v0.4.67","v0.4.68","v0.4.69","v0.4.7","v0.4.70","v0.4.71","v0.4.72","v0.4.73","v0.4.74","v0.4.75","v0.4.76","v0.4.77","v0.4.78","v0.4.79","v0.4.8","v0.4.80","v0.4.9","v0.5.0","v0.5.1","v0.5.10","v0.5.100","v0.5.101","v0.5.102","v0.5.103","v0.5.104","v0.5.105","v0.5.106","v0.5.107","v0.5.108","v0.5.109","v0.5.11","v0.5.110","v0.5.111","v0.5.12","v0.5.13","v0.5.14","v0.5.15","v0.5.16","v0.5.17","v0.5.18","v0.5.19","v0.5.2","v0.5.20","v0.5.21","v0.5.22","v0.5.23","v0.5.24","v0.5.25","v0.5.26","v0.5.27","v0.5.28","v0.5.29","v0.5.3","v0.5.30","v0.5.31","v0.5.32","v0.5.33","v0.5.34","v0.5.35","v0.5.36","v0.5.37","v0.5.38","v0.5.39","v0.5.4","v0.5.40","v0.5.41","v0.5.42","v0.5.43","v0.5.44","v0.5.45","v0.5.46","v0.5.47","v0.5.48","v0.5.49","v0.5.5","v0.5.50","v0.5.51","v0.5.52","v0.5.53","v0.5.54","v0.5.55","v0.5.56","v0.5.57","v0.5.58","v0.5.59","v0.5.6","v0.5.60","v0.5.61","v0.5.62","v0.5.63","v0.5.64","v0.5.65","v0.5.66","v0.5.67","v0.5.68","v0.5.69","v0.5.7","v0.5.70","v0.5.71","v0.5.72","v0.5.73","v0.5.74","v0.5.75","v0.5.76","v0.5.77","v0.5.78","v0.5.79","v0.5.8","v0.5.80","v0.5.81","v0.5.82","v0.5.83","v0.5.84","v0.5.85","v0.5.86","v0.5.87","v0.5.88","v0.5.89","v0.5.9","v0.5.90","v0.5.91","v0.5.92","v0.5.93","v0.5.94","v0.5.95","v0.5.96","v0.5.97","v0.5.98","v0.5.99","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.1.1","v1.1.10","v1.1.100","v1.1.101","v1.1.102","v1.1.103","v1.1.104","v1.1.105","v1.1.106","v1.1.107","v1.1.108","v1.1.109","v1.1.11","v1.1.110","v1.1.111","v1.1.112","v1.1.12","v1.1.13","v1.1.14","v1.1.15","v1.1.16","v1.1.17","v1.1.18","v1.1.19","v1.1.2","v1.1.20","v1.1.21","v1.1.22","v1.1.23","v1.1.24","v1.1.25","v1.1.26","v1.1.27","v1.1.28","v1.1.29","v1.1.3","v1.1.30","v1.1.31","v1.1.32","v1.1.33","v1.1.34","v1.1.35","v1.1.36","v1.1.37","v1.1.38","v1.1.3
9","v1.1.4","v1.1.40","v1.1.41","v1.1.42","v1.1.43","v1.1.44","v1.1.45","v1.1.46","v1.1.47","v1.1.48","v1.1.49","v1.1.5","v1.1.50","v1.1.51","v1.1.52","v1.1.53","v1.1.54","v1.1.55","v1.1.56","v1.1.57","v1.1.58","v1.1.59","v1.1.6","v1.1.60","v1.1.61","v1.1.62","v1.1.63","v1.1.64","v1.1.65","v1.1.66","v1.1.67","v1.1.68","v1.1.69","v1.1.7","v1.1.70","v1.1.71","v1.1.72","v1.1.73","v1.1.74","v1.1.75","v1.1.76","v1.1.77","v1.1.78","v1.1.79","v1.1.8","v1.1.80","v1.1.81","v1.1.82","v1.1.83","v1.1.84","v1.1.85","v1.1.86","v1.1.87","v1.1.88","v1.1.89","v1.1.9","v1.1.90","v1.1.91","v1.1.92","v1.1.93","v1.1.94","v1.1.95","v1.1.96","v1.1.97","v1.1.98","v1.1.99","v1.2.0","v1.2.1","v1.2.10","v1.2.100","v1.2.101","v1.2.102","v1.2.103","v1.2.104","v1.2.105","v1.2.106","v1.2.107","v1.2.108","v1.2.109","v1.2.11","v1.2.12","v1.2.13","v1.2.14","v1.2.15","v1.2.16","v1.2.17","v1.2.18","v1.2.19","v1.2.20","v1.2.21","v1.2.22","v1.2.23","v1.2.24","v1.2.25","v1.2.26","v1.2.27","v1.2.28","v1.2.29","v1.2.3","v1.2.30","v1.2.31","v1.2.32","v1.2.33","v1.2.34","v1.2.35","v1.2.36","v1.2.37","v1.2.38","v1.2.39","v1.2.4","v1.2.40","v1.2.41","v1.2.42","v1.2.43","v1.2.44","v1.2.45","v1.2.46","v1.2.47","v1.2.48","v1.2.49","v1.2.5","v1.2.50","v1.2.51","v1.2.52","v1.2.53","v1.2.54","v1.2.55","v1.2.56","v1.2.57","v1.2.58","v1.2.59","v1.2.6","v1.2.60","v1.2.61","v1.2.62","v1.2.63","v1.2.64","v1.2.65","v1.2.66","v1.2.67","v1.2.68","v1.2.69","v1.2.7","v1.2.70","v1.2.71","v1.2.72","v1.2.73","v1.2.74","v1.2.75","v1.2.76","v1.2.77","v1.2.78","v1.2.79","v1.2.8","v1.2.80","v1.2.81","v1.2.82","v1.2.83","v1.2.84","v1.2.85","v1.2.86","v1.2.87","v1.2.88","v1.2.89","v1.2.9","v1.2.90","v1.2.91","v1.2.92","v1.2.93","v1.2.94","v1.2.95","v1.2.96","v1.2.97","v1.2.98","v1.2.99","v1.3.0","v1.3.1","v1.3.10","v1.3.11","v1.3.12","v1.3.13","v1.3.14","v1.3.15","v1.3.16","v1.3.17","v1.3.18","v1.3.19","v1.3.2","v1.3.20","v1.3.21","v1.3.22","v1.3.23","v1.3.24","v1.3.25","v1.3.26","v1.3.27","v1.3.28","v1.3.29","v1.3.3","v1.3.30","v1.3.
31","v1.3.32","v1.3.33","v1.3.34","v1.3.35","v1.3.36","v1.3.37","v1.3.38","v1.3.39","v1.3.4","v1.3.40","v1.3.41","v1.3.42","v1.3.43","v1.3.44","v1.3.45","v1.3.46","v1.3.47","v1.3.48","v1.3.49","v1.3.5","v1.3.50","v1.3.51","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.1","v1.4.10","v1.4.11","v1.4.12","v1.4.13","v1.4.14","v1.4.15","v1.4.16","v1.4.17","v1.4.18","v1.4.19","v1.4.2","v1.4.20","v1.4.21","v1.4.22","v1.4.23","v1.4.24","v1.4.25","v1.4.26","v1.4.27","v1.4.28","v1.4.29","v1.4.3","v1.4.30","v1.4.31","v1.4.32","v1.4.33","v1.4.34","v1.4.35","v1.4.36","v1.4.37","v1.4.38","v1.4.39","v1.4.4","v1.4.40","v1.4.41","v1.4.42","v1.4.43","v1.4.44","v1.4.45","v1.4.46","v1.4.47","v1.4.48","v1.4.49","v1.4.5","v1.4.50","v1.4.51","v1.4.52","v1.4.53","v1.4.54","v1.4.55","v1.4.56","v1.4.57","v1.4.58","v1.4.59","v1.4.6","v1.4.60","v1.4.61","v1.4.62","v1.4.63","v1.4.64","v1.4.65","v1.4.66","v1.4.67","v1.4.68","v1.4.69","v1.4.7","v1.4.70","v1.4.71","v1.4.72","v1.4.73","v1.4.74","v1.4.75","v1.4.76","v1.4.77","v1.4.78","v1.4.79","v1.4.8","v1.4.80","v1.4.81","v1.4.82","v1.4.83","v1.4.84","v1.4.85","v1.4.86","v1.4.87","v1.4.88","v1.4.89","v1.4.9","v1.4.90","v1.4.91","v1.4.92","v1.4.93","v1.4.94","v1.4.95","v1.4.96"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27290.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}