Unrated severityNVD Advisory· Published Jul 25, 2024· Updated Aug 12, 2024

OpenObserve Cross-site Scripting (XSS) vulnerability in `openobserve/web/src/views/MemberSubscription.vue`

CVE-2024-41809

Description

OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of openobserve/web/src/views/MemberSubscription.vue. Version 0.10.0 sanitizes incoming html.

Affected products

Openobserve/Openobservev5
Range: >= 0.4.4, < 0.10.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubscription.vuemitrex_refsource_MISC
github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbdb1be1eff02mitrex_refsource_MISC
github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d58bbc6d331dmitrex_refsource_MISC
github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mrrpmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000