CVE-2024-54160 Information

Description

dashboards-reporting (aka Dashboards Reports) before 2.19.0.0 as shipped in OpenSearch before 2.19 allows XSS because Markdown is not sanitized when previewing a header or footer.

Reference

https://github.com/Jflye/CVE-2024-54160–Opensearch-HTML-Injection
https://github.com/opensearch-project/dashboards-reporting/compare/2.18.0.0…2.19.0.0
https://github.com/opensearch-project/dashboards-reporting/pull/476
https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.19.0.md
https://opensearch.org/releases.html
