Vulnerability details: VCID-fsek-s7an-3yhj
Vulnerability ID VCID-fsek-s7an-3yhj
Aliases CVE-2024-22048
GHSA-x2xw-hw8g-6773
GMS-2023-1026
Summary govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.
Status Published
Exploitability 0.5
Weighted Severity 5.5
Risk 2.8
System Score Found at
epss 0.0179 https://api.first.org/data/v1/epss?cve=CVE-2024-22048
cvssv3.1 6.1 https://github.com/advisories/GHSA-x2xw-hw8g-6773
cvssv3.1_qr LOW https://github.com/advisories/GHSA-x2xw-hw8g-6773
ssvc Track https://github.com/advisories/GHSA-x2xw-hw8g-6773
generic_textual LOW https://github.com/alphagov/tech-docs-gem
generic_textual LOW https://github.com/alphagov/tech-docs-gem/commit/a51c7058cec46bf2a4e25a1da62b14ac3fd46b53
cvssv3.1 6.1 https://github.com/alphagov/tech-docs-gem/pull/323
generic_textual LOW https://github.com/alphagov/tech-docs-gem/pull/323
ssvc Track https://github.com/alphagov/tech-docs-gem/pull/323
cvssv3.1 6.1 https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1
generic_textual LOW https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1
ssvc Track https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1
cvssv3 6.1 https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773
cvssv3.1 6.1 https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773
cvssv3.1_qr LOW https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773
generic_textual LOW https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773
ssvc Track https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773
generic_textual LOW https://github.com/rubysec/ruby-advisory-db/blob/master/gems/govuk_tech_docs/CVE-2024-22048.yml
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2024-22048
cvssv3.1 6.1 https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773
ssvc Track https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/advisories/GHSA-x2xw-hw8g-6773
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) changed
Confidentiality Impact (C) low
Integrity Impact (I) low
Availability Impact (A) none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:55:05Z/ Found at https://github.com/advisories/GHSA-x2xw-hw8g-6773
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/alphagov/tech-docs-gem/pull/323
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:55:05Z/ Found at https://github.com/alphagov/tech-docs-gem/pull/323
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:55:05Z/ Found at https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:55:05Z/ Found at https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-13T18:55:05Z/ Found at https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773
Exploit Prediction Scoring System (EPSS)
Percentile 0.83156
EPSS Score 0.0179
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:47:37.042947+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/22xxx/CVE-2024-22048.json 38.6.0