{"id":"CVE-2024-43949","details":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha.","modified":"2026-03-12T08:58:16.476429Z","published":"2024-08-29T18:15:11.493Z","references":[{"type":"ADVISORY","url":"https://patchstack.com/database/vulnerability/ghactivity/wordpress-ghactivity-plugin-2-0-0-alpha-cross-site-scripting-xss-vulnerability?_s_id=cve"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/automattic/ghactivity","events":[{"introduced":"0"},{"last_affected":"0250688cc9ccbca08bffe4620476ef6a36182669"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.5.0"}]}}],"versions":["1.1","1.2","1.2.1","1.3","1.3.1","1.4.0","1.4.1","1.4.2","1.5.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43949.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.0.0-alpha"}]}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}