Количество 2
Количество 2
CVE-2024-52290
LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, a payload acts in the victim's browser. Version 2.1.0 fixes the issue.
GHSA-9cwv-pxcr-hfjc
LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-52290 LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, a payload acts in the victim's browser. Version 2.1.0 fixes the issue. | CVSS3: 6.3 | 0% Низкий | 9 месяцев назад |
| GHSA-9cwv-pxcr-hfjc LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality | CVSS3: 6.3 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу