Unrated severityNVD Advisory· Published Mar 12, 2024· Updated Aug 26, 2024

Cross site scripting on router page in Peering Manager

CVE-2024-28112

Description

Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

Peering Manager/Peering Managerv5
Range: < 1.8.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/peering-manager/peering-manager/security/advisories/GHSA-fmf5-24pq-rq2wmitrex_refsource_CONFIRM
owasp.org/www-community/attacks/xssmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000