CVE-2024-54795

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 21, 2025

CWE ID 79

Summary

CVE-2024-54795 is a stored Cross-Site Scripting (XSS) vulnerability affecting SpagoBI version 3.5.1. Maliciously crafted inputs in the create/edit forms of the worksheet designer function can be stored and executed in a user's browser, potentially leading to unauthorized data access or theft of sensitive information. Attackers can inject malicious scripts to manipulate web pages visited by other users, posing a significant security risk. It is recommended that users upgrade to the latest version of SpagoBI to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SpagoBI

Affected Vendors

Engineering Ingegneria Informatica S.p.A.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/1Tt2ZF
https://www.cve.org/CVERecord?id=CVE-2024-54795
https://nvd.nist.gov/vuln/detail/CVE-2024-54795

Back to Vulnerability Database