How severe is CVE-2024-52290?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-52290?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-52290 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, a payload acts in the victim's browser. Version 2.1.0 fixes the issue.

Related Vulnerabilities

CVE-2018-15641

MEDIUM

CVSS:6.3(Medium)

Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in t...

CWE-792018

CVE-2018-21155

MEDIUM

CVSS:6.3(Medium)

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0....

CWE-792018

CVE-2018-6495

MEDIUM

CVSS:6.3(Medium)

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser...

CWE-792018

CVE-2020-13965

MEDIUM

CVSS:6.3(Medium)

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

CWE-792020

CVE-2020-36085

MEDIUM

CVSS:6.3(Medium)

Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply Fo...

CWE-792020

CVE-2020-7747

MEDIUM

CVSS:6.3(Medium)

This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.

CWE-792020