216.73.217.19

CVE-2024-41675

· Published 21/08/2024 15:15 · Modified 23/08/2024 17:07

Labels: CVE-2024-41675 2024-08-21CVE-2024-41675CWE-79[email protected]

Essential information

Published
21/08/2024 15:15
Modified
23/08/2024 17:07
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.

NVD status

Status
Analyzed — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
okfn / ckan cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*

References