CVE-2024-51735: Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE

November 5, 2024 (updated October 31, 2025)

XSS occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server.

References

drive.google.com/file/d/1u-YowfzFV1tUqLaZk4s4Y1DykFhJZ8gR/view?usp=sharing
github.com/advisories/GHSA-wvv7-wm5v-w2gv
github.com/j3ssie/osmedeus
github.com/j3ssie/osmedeus/security/advisories/GHSA-wvv7-wm5v-w2gv
nvd.nist.gov/vuln/detail/CVE-2024-51735

Code Behaviors & Features

Detect and mitigate CVE-2024-51735 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →