CVE-2024-41809

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 25, 2024

Updated: Aug 13, 2024

CWE ID 79

Summary

CVE-2024-41809 is a newly disclosed cross-site scripting (XSS) vulnerability affecting OpenObserve, an open-source observability platform. This issue, present in versions 0.4.4 and earlier than 0.10.0, can be exploited by injecting malicious scripts into the application through user input. Specifically, line 32 of `openobserve/web/src/views/MemberSubscription.vue` is the source of the vulnerability. Version 0.10.0 has addressed this issue by implementing proper HTML sanitization to prevent such attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xK_cqy
https://www.cve.org/CVERecord?id=CVE-2024-41809
https://nvd.nist.gov/vuln/detail/CVE-2024-41809

Back to Vulnerability Database

CVE-2024-41809

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations