CVE-2024-47817: Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS
If the values passed to a paragraph widget are not valid and contain a specific set of characters, the application is vulnerable to an XSS attack against any user who opens a page on which the paragraph widget is rendered.
Versions of dynamic dashboard from v3.0.0 through v3.0.2 are affected.
Please upgrade to dynamic dashboard v3.0.2.
References
- github.com/advisories/GHSA-c6cw-g7fc-4gwc
- github.com/lara-zeus/artemis/commit/3a3f9dd8a706af569c5581b20dcfeff91a43b9d9
- github.com/lara-zeus/artemis/commit/4636f58628d20d3e78ea8514406bd7da94997f2c
- github.com/lara-zeus/dynamic-dashboard
- github.com/lara-zeus/dynamic-dashboard/commit/adfb4b1cdfdaa01299631f0e569ce201a7cc545a
- github.com/lara-zeus/dynamic-dashboard/security/advisories/GHSA-c6cw-g7fc-4gwc
- nvd.nist.gov/vuln/detail/CVE-2024-47817
Detect and mitigate CVE-2024-47817 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.