Unrated severity · NVD Advisory · Published Sep 20, 2024 · Updated Sep 20, 2024

Stored Cross Site Scripting (Stored XSS) in Galaxy

CVE-2024-42346

Description

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization (the /visualizations endpoint) can be used to store HTML tags and trigger JavaScript execution upon an edit operation. All supported branches of Galaxy (and more, back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

  • Galaxyproject/Galaxy (2 versions)
    • (no CPE) range: >=20.05
    • (no CPE) range: < 24.1.1
