13 matches found

Cvelist
added 2024/06/11 2:7 p.m., 17 views

CVE-2024-37161 MeterSphere front-end editor stored XSS vulnerability

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor has stored cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue...

4 CVSS, 0.00441 EPSS
Exploits 1, References 1

CNNVD
added 2024/06/11 12:0 a.m., 2 views

MeterSphere Cross-Site Scripting Vulnerability

MeterSphere is an open source one-stop continuous testing platform. Versions of MeterSphere before 1.10.1-lts have a cross-site scripting vulnerability, which stems from the application's lack of effective filtering and escaping of user-supplied data. An attacker c...

6.1 CVSS, 6.4 AI score, 0.00441 EPSS
Exploits 1, References 3

NVD
added 2023/12/28 4:16 p.m., 10 views

CVE-2023-50267

MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, authenticated attackers can update resources that do not belong to them if the resource ID is known. This issue is fixed in 2.10.10-lts. There are no known workarounds...

4.3 CVSS, 0.00136 EPSS
Exploits 0, References 1

CVE
added 2023/08/04 3:44 p.m., 55 views

CVE-2023-38494

CVE-2023-38494 affects MeterSphere Cloud interfaces; root cause is interfaces lacking configuration permissions, enabling sensitive data disclosure. Public details indicate versions prior to 2.10.4 LTS are affected; 2.10.4 LTS contains the patch. Remediation: upgrade to 2.10.4 LTS (or apply vendo...

7.5 CVSS, 6.5 AI score, 0.00075 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2023/07/06 1:50 p.m., 32 views

CVE-2023-35937

CVE-2023-35937 affects Metersphere before version 2.10.2 LTS, where several key APIs lack permission checks, allowing ordinary users to perform actions reserved for space/project administrators (e.g., updating a user as a space administrator). The issue is documented in multiple sources (NVD entr...

8.8 CVSS, 7.3 AI score, 0.00054 EPSS
Exploits 1, References 1, Affected Software 1

CNVD
added 2023/05/31 12:0 a.m., 12 views

MeterSphere Denial of Service Vulnerability

MeterSphere is an open source one-stop continuous testing platform. MeterSphere 2.9.1 and previous versions have a denial of service vulnerability, which stems from the submission of a very long password during login: it will force the system to perform a long...

6.5 CVSS, 6.4 AI score, 0.01356 EPSS
Exploits 1, References 1

CVE
added 2023/05/30 6:59 p.m., 45 views

CVE-2023-32699

MeterSphere is affected by a denial-of-service vulnerability in versions up to 2.9.1. The issue arises when a user submits an excessively long password during login, triggering the MD5-based password hashing (CodingUtil.md5) to run for the long password and exhaust server CPU/memory, potentially ...

6.5 CVSS, 6.4 AI score, 0.01356 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2023/05/04 5:26 p.m., 24 views

CVE-2023-30550

MeterSphere (open source continuous testing platform) contains an IDOR vulnerability that lets a project administrator modify other projects within the same workspace, potentially escalating privileges to obtain operating permissions. The issue is fixed in version 2.9.0. Affected component: proje...

6.8 CVSS, 4.8 AI score, 0.00225 EPSS
Exploits 1, References 2, Affected Software 1

Vulnrichment
added 2023/05/04 5:26 p.m., 10 views

CVE-2023-30550 IDOR vulnerability exists in metersphere

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

6.8 CVSS, 6.5 AI score, 0.00225 EPSS
Exploits 1, References 2

NVD
added 2023/03/09 5:15 p.m., 8 views

CVE-2023-25573

MeterSphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

8.6 CVSS, 8.6 AI score, 0.93634 EPSS
Exploits 1, References 1

Prion
added 2023/03/09 5:15 p.m., 6 views

Improper access control

MeterSphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

5 CVSS, 7.5 AI score, 0.93634 EPSS
Exploits 1, References 1, Affected Software 1

CVE
added 2023/03/09 4:33 p.m., 65 views

CVE-2023-25573

Metersphere contains an improper access control vulnerability: unauthenticated users can download arbitrary files via /api/jmeter/download/files, exposing sensitive data. Affected versions include those prior to the fixes, with remediation in versions 1.20.20 lts and 2.7.1. The issue stems from i...

8.6 CVSS, 7.7 AI score, 0.93634 EPSS
In wild, Exploits 1, References 1, Affected Software 1

CNVD
added 2022/01/10 12:0 a.m., 13 views

Command Execution Vulnerability in Metersphere

MeterSphere is a one-stop open source continuous testing platform, covering test tracking, interface testing, performance testing, team collaboration and other functions, compatible with JMeter and other open source standards, effectively helping development and testing teams to make full use of...

7.5 AI score
Exploits 0