High

aim

Stored XSS through Run Logs

A stored XSS vulnerability was identified in version 3.19.3 of the software: terminal output logs are rendered through React's `dangerouslySetInnerHTML` prop, which inserts the log text into the page as raw HTML. This issue was patched in a subsequent release.

Available publicly on Jul 12 2024

Remediation Steps
  • Update to the latest version of the software where this vulnerability is patched.
  • Avoid using `dangerouslySetInnerHTML` for rendering user-generated content.
  • Implement proper input sanitization and output encoding to prevent XSS attacks.
  • Regularly review and test code for security vulnerabilities.
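One way to apply the output-encoding step above to terminal log lines, as an added example that is not aim's code or its patch. The function names, CSS class names, ANSI colour handling and sample log lines are assumptions made for illustration.

```javascript
// Added example (hypothetical names): encode terminal log text before it
// reaches any HTML sink, keeping only an allowlisted set of ANSI colours.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allowlist: ANSI SGR colour code -> fixed class name. Anything else is
// treated as a reset, so log content never chooses tag names or attributes.
const SGR_CLASSES = { 31: 'log-red', 32: 'log-green', 33: 'log-yellow' };

function renderLogLine(raw) {
  const sgr = /\x1b\[([0-9;]*)m/g;
  let html = '';
  let open = false;
  let last = 0;
  let m;
  while ((m = sgr.exec(raw)) !== null) {
    // Text between escape sequences is always encoded, never trusted.
    html += escapeHtml(raw.slice(last, m.index));
    last = sgr.lastIndex;
    if (open) { html += '</span>'; open = false; }
    const cls = SGR_CLASSES[Number(m[1])];
    if (cls) { html += `<span class="${cls}">`; open = true; }
  }
  html += escapeHtml(raw.slice(last));
  if (open) html += '</span>';
  return html;
}

// Constructed sample log lines: one coloured, one carrying markup.
const samples = [
  '\x1b[32mepoch 1 done\x1b[0m',
  'loss=<img src=x onerror=alert(1)>',
];
for (const line of samples) console.log(renderLogLine(line));
```

When no colour markup is needed, passing the log line as a React text child (`<pre>{line}</pre>`) gives the same encoding without any HTML string handling.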
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A