CVE-2024-45478Cross-site Scripting in Software Foundation Apache Ranger

CWE-79Cross-site ScriptingCWE-20Improper Input Validation4 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.7%
top 28.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache RangerApache Ranger
Timeline
PublishedJan 21
Latest updateJan 22

Description

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

NVDapache/ranger2.4.02.5.0
CVEListV5apache_software_foundation/apache_ranger2.4.02.5.0

🔴Vulnerability Details

3
GHSA
Apache Ranger has Stored Cross-site Scripting vulnerability in Edit Service Page2025-01-22
OSV
Apache Ranger has Stored Cross-site Scripting vulnerability in Edit Service Page2025-01-22
CVEList
Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input2025-01-21
CVE-2024-45478 — Cross-site Scripting | cvebase