CVE-2024-47826

Summary

CVE-2024-47826 is a vulnerability affecting versions prior to 5.1.5 of eLabFTW, an open-source electronic lab notebook for research labs. This issue permits an attacker to inject arbitrary HTML tags into the "experiments.php," "database.php," and "search.php" pages. The attacker can provide HTML code in an extended search string, which is then displayed to the user in error messages. Although this vulnerability does not enable the execution of arbitrary JavaScript, it poses a low-impact risk due to the display of injected HTML within a red "alert/danger" box. To mitigate this risk, users are advised to upgrade to version 5.1.5 or higher, which includes a patch for this vulnerability. No known workarounds are currently available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.