CVE-2024-52290: LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality

May 14, 2025

Stored Cross-Site Scripting (XSS) vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users’ browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware, impacting user data privacy and application integrity.

References

github.com/advisories/GHSA-9cwv-pxcr-hfjc
github.com/lf-edge/ekuiper
github.com/lf-edge/ekuiper/commit/943c02e10f0f8349e609474810eab5fa460d1a51
github.com/lf-edge/ekuiper/security/advisories/GHSA-9cwv-pxcr-hfjc
nvd.nist.gov/vuln/detail/CVE-2024-52290

Code Behaviors & Features

Detect and mitigate CVE-2024-52290 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →