Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/16 8:9 a.m.19 views

CVE-2024-52290

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

6.3CVSS6.2AI score0.00242EPSS
Exploits1References1
NVD
NVD
added 2025/05/14 8:15 a.m.13 views

CVE-2024-52290

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

6.3CVSS0.00242EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/14 7:19 a.m.10 views

CVE-2024-52290 Stored XSS in Configuration Key Functionality

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

6.3CVSS6.1AI score0.00242EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/14 7:19 a.m.18 views

CVE-2024-52290 Stored XSS in Configuration Key Functionality

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

6.3CVSS0.00242EPSS
Exploits1References1
CVE
CVE
added 2025/05/14 7:19 a.m.43 views

CVE-2024-52290

LF Edge eKuiper is affected by a Stored XSS in the Connection Configuration key “Name” (confKey). A user with rights to modify the service (e.g., kuiperUser) can inject arbitrary payloads, which then execute in the browser of other users (e.g., admins) when the key is deleted. The issue is descri...

6.3CVSS6.5AI score0.00242EPSS
Exploits1References1Affected Software1
Circl
Circl
added 2025/05/14 12:58 a.m.17 views

CVE-2024-52290

creationtimestamp| type| source ---|---|--- 2025-05-14 00:58:50+00:00| published-proof-of-concept| https://github.com/lf-edge/ekuiper/security/advisories/GHSA-9cwv-pxcr-hfjc 2025-05-14 07:30:58+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/16291 2025-05-14 07:52:10+00:0...

6.3CVSS7.8AI score0.00242EPSS
Exploits1References4
Rows per page
Query Builder