CVE-2024-37161 - Vulnerability Details - OpenCVE

ReportizFlow

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Metersphere	Metersphere

Configuration 1 [-]

cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*

No data.

References

Link	Providers
https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9

History

Thu, 04 Sep 2025 19:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:metersphere:metersphere:::::lts:::*

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-11T14:07:12.917Z

Updated: 2024-08-02T03:50:54.743Z

Reserved: 2024-06-03T17:29:38.329Z

Link: CVE-2024-37161

Vulnrichment

Updated: 2024-08-02T03:50:54.743Z

NVD

Status : Analyzed

Published: 2024-06-11T15:16:09.153

Modified: 2025-09-04T19:12:45.547

Link: CVE-2024-37161

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37161", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-03T17:29:38.329Z", "datePublished": "2024-06-11T14:07:12.917Z", "dateUpdated": "2024-08-02T03:50:54.743Z"}, "containers": {"cna": {"title": "MeterSphere front-end editor stores XSS vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9"}], "affected": [{"vendor": "metersphere", "product": "metersphere", "versions": [{"version": "< 1.10.1-lts", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-11T14:07:12.917Z"}, "descriptions": [{"lang": "en", "value": "MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue."}], "source": {"advisory": "GHSA-6h7v-q5rp-h6q9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T16:14:30.261812Z", "id": "CVE-2024-37161", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T16:14:52.060Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:54.743Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9", "name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:54.743Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37161", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T16:14:30.261812Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T16:14:47.481Z"}}], "cna": {"title": "MeterSphere front-end editor stores XSS vulnerability", "source": {"advisory": "GHSA-6h7v-q5rp-h6q9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "metersphere", "product": "metersphere", "versions": [{"status": "affected", "version": "< 1.10.1-lts"}]}], "references": [{"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9", "name": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-11T14:07:12.917Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37161", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:50:54.743Z", "dateReserved": "2024-06-03T17:29:38.329Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-11T14:07:12.917Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*", "matchCriteriaId": "85A6ECB1-2495-48A0-B875-993B742B6C8C", "versionEndExcluding": "1.10.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue."}, {"lang": "es", "value": "MeterSphere es una plataforma de pruebas continuas de c\u00f3digo abierto. Antes de la versi\u00f3n 1.10.1-lts, el editor de pasos del sistema almacena vulnerabilidades de Cross-Site Scripting. La versi\u00f3n 1.10.1-lts soluciona este problema."}], "id": "CVE-2024-37161", "lastModified": "2025-09-04T19:12:45.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-06-11T15:16:09.153", "references": [{"source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}