CVE-2024-30461 is a DOM-based Cross-site Scripting (XSS) vulnerability classified under CWE-79 in Tumult Hype Animations software versions up to 1.9.11. The vulnerability arises from improper neutralization of input during web page generation, allowing malicious scripts to be executed in the user's browser. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction needed, and impacts on confidentiality, integrity, and availability. No patch or official remediation guidance is currently provided by the vendor. The vulnerability is not related to a cloud service and no known active exploitation has been reported.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected application, potentially leading to data disclosure, data manipulation, or disruption of service. The CVSS score of 7.1 indicates a high impact on confidentiality, integrity, and availability. However, there are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with untrusted input and consider implementing additional input validation or content security policies as temporary mitigations. Monitor official Tumult Inc communications for updates on patches or workarounds.