CVE-2024-52763
Published 2024-11-19
Priority: P2 (74) · Severity: medium · CVSS 3.1 base score: 5.4
CVSS vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitation: exploited in the wild (ITW exploit); listed in VulnCheck KEV
EPSS: 0.63% (45.5th percentile)
A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.
Affected (2 ranges; "—" means the source gives no value)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ganglia-web | — | — |
| ganglia | ganglia-web | 3.7.3 – 3.7.5 | — |
Detection & IOCs (extracted from sources)

Indicators

- URL: /ganglia/graph_all_periods.php?g=%22%22%20autofocus%20onfocus=alert(document.domain)//%22
- Other: "" autofocus onfocus=alert(document.domain)//"

Notes

- Match the HTTP response body for the reflected XSS payload string '"" autofocus onfocus=alert(document.domain)//"' AND the string 'metricActions' to confirm exploitation of the g parameter in /graph_all_periods.php.
- Use the Shodan query 'http.html:"ganglia_form.submit()"' or the FOFA query 'body="ganglia_form.submit()"' to identify exposed Ganglia web instances potentially vulnerable to CVE-2024-52763.
- The vulnerability requires an authenticated low-privileged user (PR:L) and user interaction (UI:R); monitor for unexpected GET requests to /graph_all_periods.php with URL-encoded HTML/JS payloads in the 'g' parameter.
- Affected versions are Ganglia-web v3.7.3 through v3.7.5 only; the vulnerability is in the 'g' parameter of /graph_all_periods.php.
- Debian distributions (bookworm, bullseye, forky, sid, trixie) all remain open/unpatched as of the tracker entry; no fix has been applied in those package streams.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| osv | — | 5.4 | MEDIUM | — |
| vulncheck | — | 5.4 | MEDIUM | — |
| vendor_debian | — | 5.4 | MEDIUM | — |
GHSA
GHSA-c9hj-p989-pvmr (ghsa_unreviewed · 2024-11-19): CVE-2024-52763 [MEDIUM] CWE-79
Description: identical to the CVE description above.
OSV
CVE-2024-52763 (osv · 2024-11-19 · CVSS 5.4) [MEDIUM]
Description: identical to the CVE description above.
VulnCheck
ganglia ganglia-web: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (vulncheck · 2024 · CVSS 5.4) [MEDIUM]
Description: identical to the CVE description above.
Affected: ganglia ganglia-web
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2024-52763
Debian
CVE-2024-52763: ganglia-web (vendor_debian · 2024 · CVSS 5.4) [MEDIUM]
Description: identical to the CVE description above.
Scope: local

| Suite | Status |
|---|---|
| bookworm | open |
| bullseye | open |
| forky | open |
| sid | open |
| trixie | open |
No detection rules found.
Nuclei
Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting (nuclei · CVSS 5.4) [MEDIUM]
Description: identical to the CVE description above.
Template (excerpt, as shown on this page):

```yaml
id: CVE-2024-52763

info:
  name: Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting
  author: DhiyaneshDK
  severity: medium
  description: |
    A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.
  impact: |
    Authenticated attackers can execute arbitrary JavaScript or HTML in victim browsers by injecting malicious payloads
```