{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T01:16:27.393","vulnerabilities":[{"cve":{"id":"CVE-2024-32468","sourceIdentifier":"security-advisories@github.com","published":"2024-11-25T19:15:09.510","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Self-XSS with deno doc --html. 1.) XSS in generated `search_index.js`, `deno_doc` outputs a JavaScript file for searching. However, the generated file used `innerHTML` on unsanitzed HTML input. 2.) XSS via property, method and enum names, `deno_doc` did not sanitize property names, method names and enum names. The first XSS most likely didn't have an impact since `deno doc --html` is expected to be used locally with own packages."},{"lang":"es","value":"Deno es un entorno de ejecución para JavaScript y TypeScript escrito en rust. Existían varias vulnerabilidades de cross-site scripting en el crate `deno_doc` que conducían a Self-XSS con deno doc --html. 1.) XSS en `search_index.js` generado, `deno_doc` genera un archivo JavaScript para realizar búsquedas. Sin embargo, el archivo generado utilizó `innerHTML` en la entrada HTML no desinfectada. 2.) XSS a través de nombres de propiedades, métodos y enumeraciones, `deno_doc` no saneó los nombres de propiedades, métodos y enumeraciones. Lo más probable es que el primer XSS no haya tenido un impacto ya que se espera que `deno doc --html` se use localmente con paquetes propios."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/denoland/deno/security/advisories/GHSA-qqwr-j9mm-fhw6","source":"security-advisories@github.com"},{"url":"https://github.com/denoland/deno_doc/blob/dc556c848831d7ae48f3eff2ababc6e75eb6b73e/src/html/templates/pages/search.js#L120-L144","source":"security-advisories@github.com"}]}}]}