CVE-2024-6585 Information
Description
Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a user’s session with the application.
Reference
https://github.com/google/security-research/security/advisories/GHSA-6529-6jv3-66q2 https://www.cve.org/CVERecord?id=CVE-2024-6585 https://github.com/lightdash/lightdash https://github.com/lightdash/lightdash/releases/tag/0.1042.2 https://patch-diff.githubusercontent.com/raw/lightdash/lightdash/pull/9510.patch https://patch-diff.githubusercontent.com/raw/lightdash/lightdash/pull/9359.patch https://github.com/lightdash/lightdash/pull/9510 https://github.com/lightdash/lightdash/pull/9359
Share on: