VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-grek-9pzd-kkdm

Essentials
Severities (17)
References (8)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-grek-9pzd-kkdm
Aliases	CVE-2024-34467 GHSA-969f-v7jv-pgj3
Summary	ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-34467
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-34467
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-34467
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-969f-v7jv-pgj3
cvssv3.1	6.1	https://github.com/top-think/framework
generic_textual	MODERATE	https://github.com/top-think/framework
cvssv3.1	6.1	https://github.com/top-think/framework/commit/403358cd3e510e2fdab63f951930bdd093314eee
generic_textual	MODERATE	https://github.com/top-think/framework/commit/403358cd3e510e2fdab63f951930bdd093314eee
cvssv3.1	6.1	https://github.com/top-think/framework/commit/57d1950a1844ef8d3098ea290032aeb92e2e32c3
generic_textual	MODERATE	https://github.com/top-think/framework/commit/57d1950a1844ef8d3098ea290032aeb92e2e32c3
cvssv3.1	6.1	https://github.com/top-think/framework/commit/d3904e51e279c3b72ee206192aeccf9b1cffb534
generic_textual	MODERATE	https://github.com/top-think/framework/commit/d3904e51e279c3b72ee206192aeccf9b1cffb534
cvssv3.1	6.1	https://github.com/top-think/framework/issues/2996
generic_textual	MODERATE	https://github.com/top-think/framework/issues/2996
ssvc	Track	https://github.com/top-think/framework/issues/2996
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2024-34467
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-34467

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-34467
		https://github.com/top-think/framework
		https://github.com/top-think/framework/commit/403358cd3e510e2fdab63f951930bdd093314eee
		https://github.com/top-think/framework/commit/57d1950a1844ef8d3098ea290032aeb92e2e32c3
		https://github.com/top-think/framework/commit/d3904e51e279c3b72ee206192aeccf9b1cffb534
2996		https://github.com/top-think/framework/issues/2996
CVE-2024-34467		https://nvd.nist.gov/vuln/detail/CVE-2024-34467
GHSA-969f-v7jv-pgj3		https://github.com/advisories/GHSA-969f-v7jv-pgj3

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/top-think/framework

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/top-think/framework/commit/403358cd3e510e2fdab63f951930bdd093314eee

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/top-think/framework/commit/57d1950a1844ef8d3098ea290032aeb92e2e32c3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/top-think/framework/commit/d3904e51e279c3b72ee206192aeccf9b1cffb534

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/top-think/framework/issues/2996

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-16T18:14:34Z/ Found at https://github.com/top-think/framework/issues/2996

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-34467

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.1712
EPSS Score	0.00054
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:39:16.108260+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/34xxx/CVE-2024-34467.json	38.6.0