How severe is CVE-2024-2171?

This vulnerability has a severity rating of LOW with a CVSS score of 3.4 out of 10.

What type of vulnerability is CVE-2024-2171?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-2171

LOW Year: 2024

CVSS v3 Score

3.4

Low

Weakness Type

CWE-79

View all →

Vulnerability Description

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.

CVE-2022-4067

LOW

CVSS:3.4(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

CWE-792022

CVE-2022-4069

LOW

CVSS:3.4(Low)

Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.

CWE-792022

CVE-2023-1237

LOW

CVSS:3.4(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

CWE-792023

CVE-2023-25840

LOW

CVSS:3.4(Low)

There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but co...

CWE-792023

CVE-2023-36016

LOW

CVSS:3.4(Low)

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CWE-792023

CVE-2024-3166

LOW

CVSS:3.4(Low)

A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability a...

CWE-792024

CVE-2024-2171

Vulnerability Description

Related Vulnerabilities

CVE-2022-4067

CVE-2022-4069

CVE-2023-1237

CVE-2023-25840

CVE-2023-36016

CVE-2024-3166