Description

Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a user’s session with the application.

INFO

Published Date :

2024-08-30T22:17:28.565Z

Last Modified :

2024-09-03T14:52:05.350Z

Source :

Mandiant
AFFECTED PRODUCTS

The following products are affected by CVE-2024-6585 vulnerability.

Vendors Products
Lightdash
  • Lightdash
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6585.

URL Resource
https://github.com/google/security-research/security/advisories/GHSA-6529-6jv3-66q2 cve-icon cve-icon
https://github.com/lightdash/lightdash cve-icon cve-icon
https://github.com/lightdash/lightdash/pull/9359 cve-icon cve-icon
https://github.com/lightdash/lightdash/pull/9510 cve-icon cve-icon
https://github.com/lightdash/lightdash/releases/tag/0.1042.2 cve-icon cve-icon
https://patch-diff.githubusercontent.com/raw/lightdash/lightdash/pull/9359.patch cve-icon cve-icon
https://patch-diff.githubusercontent.com/raw/lightdash/lightdash/pull/9510.patch cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-6585 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact