6 matches found
CVE-2024-52290
LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...
CVE-2024-52290
LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...
CVE-2024-52290 Stored XSS in Configuration Key Functionality
LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...
CVE-2024-52290 Stored XSS in Configuration Key Functionality
LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...
CVE-2024-52290
LF Edge eKuiper is affected by a Stored XSS in the Connection Configuration key “Name” (confKey). A user with rights to modify the service (e.g., kuiperUser) can inject arbitrary payloads, which then execute in the browser of other users (e.g., admins) when the key is deleted. The issue is descri...
CVE-2024-52290
creationtimestamp| type| source ---|---|--- 2025-05-14 00:58:50+00:00| published-proof-of-concept| https://github.com/lf-edge/ekuiper/security/advisories/GHSA-9cwv-pxcr-hfjc 2025-05-14 07:30:58+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16291 2025-05-14 07:52:10+00:0...