How severe is CVE-2024-5062?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-5062?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-5062 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a specified URL after completing a survey, without proper validation of the 'redirect' parameter. Consequently, an attacker can execute arbitrary JavaScript code in the context of the user's browser session. This vulnerability could be exploited to steal cookies, potentially leading to account takeover.

Related Vulnerabilities

CVE-2018-1081

MEDIUM

CVSS:5.3(Medium)

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script....

CWE-792018

CVE-2018-12073

MEDIUM

CVSS:5.3(Medium)

An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this iss...

CWE-792018

CVE-2018-15676

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprint...

CWE-792018

CVE-2018-21030

MEDIUM

CVSS:5.3(Medium)

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.

CWE-792018

CVE-2019-4186

MEDIUM

CVSS:5.3(Medium)

IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remot...

CWE-792019

CVE-2019-6697

MEDIUM

CVSS:5.3(Medium)

An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an u...

CWE-792019