Medium severity6.4OSV Advisory· Published Feb 12, 2025· Updated Apr 15, 2026

CVE-2024-54160

Description

dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.

Affected products

Opensef Project/Dashboards ReportingOSV
Range: 1.0.0, 1.0.0-beta1, 1.0.0-rc1, …

Patches

d1b2f1f3dfcd

https://github.com/opensearch-project/dashboards-reportingvia osv

58c499356b52

https://github.com/opensearch-project/opensearch-buildvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/opensearch-project/dashboards-reporting/compare/2.18.0.0...2.19.0.0nvd
github.com/opensearch-project/dashboards-reporting/pull/476nvd
github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.19.0.mdnvd
opensearch.org/releases.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.416
epss	0.004
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000