CVE-2024-6585
CVE-2024-6585
Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a user’s session with the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
Lightdash · LightdashWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/google/security-research/security/advisories/GHSA-6529-6jv3-66q2https://github.com/lightdash/lightdashhttps://github.com/lightdash/lightdash/pull/9359https://github.com/lightdash/lightdash/pull/9510https://github.com/lightdash/lightdash/releases/tag/0.1042.2https://patch-diff.githubusercontent.com/raw/lightdash/lightdash/pull/9359.patchhttps://patch-diff.githubusercontent.com/raw/lightdash/lightdash/pull/9510.patchhttps://www.cve.org/CVERecord?id=CVE-2024-6585