CVE-2024-28983

HIGH

Hitachi Vantara Pentaho Business Analytics Server 8.3.0-9.3.0.6 - Cross-Site Scripting in Analyzer Plugin

Title source: llm
STIX 2.1

Description

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0046
EPSS Percentile 64.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
hitachi/pentaho_business_analytics_server 8.3.0 - 9.3.0.7
Published Jun 26, 2024
Tracked Since Feb 18, 2026