CVE-2024-52763
published 2024-11-19


Priority: P2 74 · medium · 5.4 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploit status: ITW · EXPLOIT · VulnCheck KEV (exploited in the wild)
EPSS: 0.63% (45.5th percentile)
A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.

Affected (2 ranges)

Vendor    Product       Version range    Fixed in
debian    ganglia-web   (unspecified)    (none listed)
ganglia   ganglia-web   3.7.3 – 3.7.5    (none listed)

Detection & IOCs (extracted from sources)

path:   /graph_all_periods.php
url:    /ganglia/graph_all_periods.php?g=%22%22%20autofocus%20onfocus=alert(document.domain)//%22
other:  "" autofocus onfocus=alert(document.domain)//"
  • Match HTTP response body for the reflected XSS payload string '"" autofocus onfocus=alert(document.domain)//"' AND the string 'metricActions' to confirm exploitation of the g parameter in /graph_all_periods.php.
  • Use Shodan query 'http.html:"ganglia_form.submit()"' or FOFA query 'body="ganglia_form.submit()"' to identify exposed Ganglia web instances potentially vulnerable to CVE-2024-52763.
  • The vulnerability requires an authenticated low-privileged user (PR:L) and user interaction (UI:R); monitor for unexpected GET requests to /graph_all_periods.php with URL-encoded HTML/JS payloads in the 'g' parameter.
  • Affected versions are Ganglia-web v3.7.3 through v3.7.5 only; the vulnerability is in the 'g' parameter of /graph_all_periods.php.
  • Debian distributions (bookworm, bullseye, forky, sid, trixie) all remain open/unpatched as of the tracker entry; no fix has been applied in those package streams.
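The two detection rules above (flag requests to /graph_all_periods.php whose 'g' parameter decodes to HTML/JS, and confirm exploitation when a response body contains both the reflected payload string and 'metricActions') can be turned into a small log-review script. The code below is an added example written for this record, not tooling from the Ganglia project or from the sources the IOCs were extracted from. The access-log lines are constructed samples in common log format; the benign metric name 'cpu_report' and the client addresses are assumptions, while the payload string is the one listed in the IOCs.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (common log format); not taken from any real server.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Nov/2024:10:01:02 +0000] "GET /ganglia/graph_all_periods.php?g=cpu_report&c=cluster1 HTTP/1.1" 200 5120
10.0.0.9 - - [19/Nov/2024:10:02:15 +0000] "GET /ganglia/graph_all_periods.php?g=%22%22%20autofocus%20onfocus=alert(document.domain)//%22 HTTP/1.1" 200 4876
10.0.0.7 - - [19/Nov/2024:10:03:40 +0000] "GET /ganglia/index.php?c=cluster1 HTTP/1.1" 200 9001
"""

# Pulls the method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# A graph/metric name should never contain tag delimiters, quotes, inline event
# handlers, a javascript: scheme or a function call; any of these is suspicious.
SUSPICIOUS_RE = re.compile(r'[<>"\']|\bon[a-z]+\s*=|javascript:|alert\s*\(', re.IGNORECASE)

# Reflected payload string from the IOC list on this page.
PAYLOAD_MARKER = '"" autofocus onfocus=alert(document.domain)//"'


def suspicious_g_requests(log_text):
    """Return the log lines whose 'g' parameter to graph_all_periods.php decodes to HTML/JS."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/graph_all_periods.php"):
            continue
        # parse_qs already URL-decodes once; decode again so double-encoded
        # payloads (%2522 -> %22 -> ") are also inspected.
        for g in parse_qs(parts.query, keep_blank_values=True).get("g", []):
            decoded = unquote(g)
            if SUSPICIOUS_RE.search(decoded):
                findings.append({"line": line, "decoded_g": decoded})
    return findings


def response_shows_reflection(body):
    """Apply the page's confirmation rule: payload string AND 'metricActions' in the response body."""
    return PAYLOAD_MARKER in body and "metricActions" in body


if __name__ == "__main__":
    for hit in suspicious_g_requests(SAMPLE_LOG):
        print("suspicious g parameter:", hit["decoded_g"])
        print("  from:", hit["line"])
```

Run against real access logs, the request-side check is the cheaper signal and needs no response capture; the `response_shows_reflection` check is only usable where a proxy or WAF records response bodies, and it is what distinguishes a blocked or sanitized request from actual reflection.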

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      5.4     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv                       5.4     MEDIUM
vulncheck                 5.4     MEDIUM
vendor_debian             5.4     MEDIUM