Lucene search
GoogleOSV:GHSA-2R57-2MRH-GGJVHistoryJun 04, 2024 - 12:31 p.m.
ydata cross-site scripting
2024-06-0412:31:05
Google
osv.dev
cross-site scripting
ydata
version 3.7.0
browser
vulnerability
malicious report
open-source library
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.0%
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata’s ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser.
Related
nvd
nvd
CVE-2024-37063
2024-06-04 12:15:13
github
github
ydata cross-site scripting
2024-06-04 12:31:05
vulnrichment
vulnrichment
CVE-2024-37063
2024-06-04 12:02:53
cvelist
cvelist
CVE-2024-37063
2024-06-04 12:02:53
cve
cve
CVE-2024-37063
2024-06-04 12:15:13
veracode
veracode
Cross Site Scripting(XSS)
2024-06-25 06:40:01
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.0%
Related for OSV:GHSA-2R57-2MRH-GGJV