Lucene search
+L

6 matches found

OSV
OSV
added 2025/02/10 3:32 a.m.3 views

USN-7260-1 openrefine vulnerabilities

It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...

9.8CVSS5.7AI score0.45473EPSS
Exploits8References11
UbuntuCve
UbuntuCve
added 2024/10/24 9:15 p.m.13 views

CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS5.9AI score0.00441EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/10/24 8:11 p.m.13 views

CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS7.9AI score0.00441EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/24 8:11 p.m.41 views

CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS0.00441EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/10/24 8:11 p.m.30 views

CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...

8.1CVSS5.3AI score0.00441EPSS
Exploits1
Circl
Circl
added 2024/10/24 6:1 a.m.15 views

CVE-2024-47878

creationtimestamp| type| source ---|---|--- 2024-10-24 06:01:01+00:00| published-proof-of-concept| https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-pw3x-c5vp-mfc3 2024-10-25 00:21:38+00:00| seen| https://t.me/cvedetector/8860...

8.1CVSS5.7AI score0.00441EPSS
Exploits1References2
Rows per page
Query Builder