How severe is CVE-2024-53257?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-53257?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-53257 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML templating engine. This vulnerability is fixed in 21.0.1, 20.0.4, and 19.0.8.

Related Vulnerabilities

CVE-2021-20571

MEDIUM

CVSS:4.9(Medium)

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int...

CWE-792021

CVE-2021-3646

MEDIUM

CVSS:4.9(Medium)

btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-792021

CVE-2023-32969

MEDIUM

CVSS:4.9(Medium)

A cross-site scripting (XSS) vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a...

CWE-792023

CVE-2025-0862

MEDIUM

CVSS:4.9(Medium)

The SuperSaaS – online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to insufficie...

CWE-792025

CVE-2025-2580

MEDIUM

CVSS:4.9(Medium)

The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.18.3 due to insufficient input sanitization ...

CWE-792025

CVE-2025-27693

MEDIUM

CVSS:4.9(Medium)

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with r...

CWE-792025