How severe is CVE-2024-37360?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2024-37360?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-37360

MEDIUM Year: 2024

CVSS v3 Score

4.4

Medium

Weakness Type

CWE-79

View all →

Vulnerability Description

Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79) Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.0 and 9.3.0.9, including 8.3.x, allow a malicious URL to inject content into the Analyzer plugin interface. Once the malicious script is injected, the attacker can perform a variety of malicious activities. The attacker could transfer private information, such as cookies that may include session information, from the victim's machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site.

CVE-2018-1000062

MEDIUM

CVSS:4.4(Medium)

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbit...

CWE-792018

CVE-2019-14759

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Ra...

CWE-792019

CVE-2019-14760

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder applic...

CWE-792019

CVE-2019-14761

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. A...

CWE-792019

CVE-2020-14445

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Manage...

CWE-792020

CVE-2020-4768

MEDIUM

CVSS:4.4(Medium)

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the...

CWE-792020

CVE-2024-37360

Vulnerability Description

Related Vulnerabilities

CVE-2018-1000062

CVE-2019-14759

CVE-2019-14760

CVE-2019-14761

CVE-2020-14445

CVE-2020-4768