Описание
dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.
dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-54160
- https://github.com/opensearch-project/dashboards-reporting/pull/476
- https://github.com/Jflye/CVE-2024-54160--Opensearch-HTML-Injection
- https://github.com/opensearch-project/dashboards-reporting/compare/2.18.0.0...2.19.0.0
- https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.19.0.md
- https://opensearch.org/releases.html
Связанные уязвимости
CVSS3: 6.4
nvd
11 месяцев назад
dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.
CVSS3: 6.4
fstec
11 месяцев назад
Уязвимость программного пакета OpenSearch, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код
