CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated are affected. This plugin is included in CKAN core; it is not activated by default, but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.
History
Fri, 23 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Okfn, Okfn ckan | |
CPEs | cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:* | |
Vendors & Products | Okfn, Okfn ckan | |
Thu, 22 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Wed, 21 Aug 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated are affected. This plugin is included in CKAN core; it is not activated by default, but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0. | |
Title | CKAN has a Cross-site Scripting vector in the Datatables view plugin | |
Weaknesses | CWE-79 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-08-21T14:34:31.424Z
Updated: 2024-08-22T13:35:13.240Z
Reserved: 2024-07-18T15:21:47.486Z
Link: CVE-2024-41675
Vulnrichment
Updated: 2024-08-22T13:35:09.168Z
NVD
Status: Analyzed
Published: 2024-08-21T15:15:08.963
Modified: 2024-08-23T17:07:28.247
Link: CVE-2024-41675
Redhat
No data.