cbcvebase.
CVE-2024-52812
published 2025-03-10

CVE-2024-52812: LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g…

PriorityP427medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
EPSS
0.31%
23.0th percentile
LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (update, run, stop, delete), a payload acts in the victim's browser. Version 2.0.8 fixes the issue.

Affected

3 ranges
VendorProductVersion rangeFixed in
github.comlf-edge_ekuiper0 – 1.14.7
github.comlf-edge_ekuiper_v2>= 0 < 2.0.82.0.8
lf-edgeekuiper< 2.0.82.0.8
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.