High severity7.2NVD Advisory· Published Jul 25, 2024· Updated Jun 17, 2026
CVE-2024-41809
CVE-2024-41809
Description
OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of openobserve/web/src/views/MemberSubscription.vue. Version 0.10.0 sanitizes incoming html.
Affected products
20.4.4 <= version < 0.10.0+ 1 more
- (no CPE)range: 0.4.4 <= version < 0.10.0
- (no CPE)range: >= 0.4.4, < 0.10.0
Patches
Vulnerability mechanics
References
4- github.com/openobserve/openobserve/commit/2334377ebc8b74beb06ab3e5712dbdb1be1eff02nvdPatch
- github.com/openobserve/openobserve/commit/64587261968217dfb8af4c4f6054d58bbc6d331dnvdPatch
- github.com/openobserve/openobserve/security/advisories/GHSA-rw8w-37p9-mrrpnvdThird Party Advisory
- github.com/openobserve/openobserve/blob/v0.5.2/web/src/views/MemberSubscription.vuenvdProduct
News mentions
0No linked articles in our index yet.