4 matches found
CVE-2024-41675
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatablesview plugin activated. This is a plugin...
CKAN has Cross-site Scripting vector in the Datatables view plugin
The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Impact: Sites running CKAN >= 2.7.0 with the datatablesview plugin activated. This is a plugin included in CKAN core that is not activated by default, but it is widely used to...
CVE-2024-41675
CKAN 2.7.0+ with the datatables_view plugin (a core CKAN component) is affected: the Datatables view failed to properly escape data from the DataStore, creating an XSS vector. The issue is fixed in CKAN 2.10.5 and 2.11.0. Affected sites should upgrade to one of these versions to remediate; the pl...
PT-2024-29500 · Ckan +2 · Datatables View Plugin +3
Name of the Vulnerable Software and Affected Versions: CKAN versions 2.7.0 through 2.10.4. CKAN version 2.11.0 is not affected, but versions prior to 2.11.0 are vulnerable if they are earlier than 2.10.5. Description: The Datatables view plugin in CKAN did not properly escape record data coming fr...