CVE-2024-37161

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9

Configurations

No configuration.

History

13 Jun 2024, 18:36

Type	Values Removed	Values Added
Summary		(es) MeterSphere es una plataforma de pruebas continuas de código abierto. Antes de la versión 1.10.1-lts, el editor de pasos del sistema almacena vulnerabilidades de Cross-Site Scripting. La versión 1.10.1-lts soluciona este problema.

11 Jun 2024, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-11 15:16

Updated : 2024-06-13 18:36

NVD link : CVE-2024-37161

Mitre link : CVE-2024-37161

CVE.ORG link : CVE-2024-37161

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.0 /10