Eclipse Ditto vulnerable to Cross-site Scripting

🗓️ 23 May 2024 12:31:02Reported by GitHub Advisory DatabaseType

Eclipse Ditto XSS Vulnerability in User Interface

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2024-5165	31 Jan 202515:25	–	circl
CNNVD	Eclipse Ditto 安全漏洞	23 May 202400:00	–	cnnvd
CVE	CVE-2024-5165	23 May 202409:56	–	cve
Cvelist	CVE-2024-5165 Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input	23 May 202409:56	–	cvelist
EUVD	EUVD-2024-1650	3 Oct 202520:07	–	euvd
NVD	CVE-2024-5165	23 May 202410:15	–	nvd
OSV	GHSA-HJFC-6JXR-J2RX Eclipse Ditto vulnerable to Cross-site Scripting	23 May 202412:31	–	osv
Positive Technologies	PT-2024-34794 · Eclipse · Eclipse Ditto	23 May 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-5165 Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input	23 May 202409:56	–	vulnrichment

Vulners

Node

org.eclipse.ditto dittoRange3.5.0–3.5.6maven

org.eclipse.ditto dittoRange3.0.0–3.4.5maven

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-5165
gitlab	www.gitlab.eclipse.org/security/cve-assignement/-/issues/23
gitlab	www.gitlab.eclipse.org/security/vulnerability-reports/-/issues/201
gitlab	www.gitlab.eclipse.org/security/vulnerability-reports/-/issues/202
gitlab	www.gitlab.eclipse.org/security/vulnerability-reports/-/issues/204
gitlab	www.gitlab.eclipse.org/security/vulnerability-reports/-/issues/207
gitlab	www.gitlab.eclipse.org/security/vulnerability-reports/-/issues/209
gitlab	www.gitlab.eclipse.org/security/vulnerability-reports/-/issues/210
gitlab	www.gitlab.eclipse.org/security/vulnerability-reports/-/issues/211
github	www.github.com/eclipse-ditto/ditto/commit/20399a0ab9ef219c7833c24cf8140ddfb298788d

23 May 2024 14:23Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.4 - 6.5

EPSS0.00882

SSVC