CVE-2024-6585

Опубликовано: 30 авг. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a user’s session with the application.

Ссылки

https://github.com/google/security-research/security/advisories/GHSA-6529-6jv3-66q2
https://github.com/lightdash/lightdash
https://github.com/lightdash/lightdash/pull/9359
https://github.com/lightdash/lightdash/pull/9510
https://github.com/lightdash/lightdash/releases/tag/0.1042.2
https://patch-diff.githubusercontent.com/raw/lightdash/lightdash/pull/9359.patch
https://patch-diff.githubusercontent.com/raw/lightdash/lightdash/pull/9510.patch
https://www.cve.org/CVERecord?id=CVE-2024-6585

EPSS

Процентиль: 41%

0.00189

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79