CVE-2024-29183
MEDIUMOpenRASP <= 1.3.7 - Reflected Cross-Site Scripting via Login Redirect Parameter
Title source: llmDescription
OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of a user after the user logins with their account.
References (2)
Core 2
Core References
Patch x_refsource_confirm
https://github.com/baidu/openrasp/commit/240fde3901c7a36aaade3683ffd5c89140a535fb
Various Sources x_refsource_misc
https://securitylab.github.com/advisories/GHSL-2023-253_openrasp
Scores
CVSS v3
6.1
EPSS
0.0040
EPSS Percentile
32.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
baidu/openrasp
<=1.3.7
Published
Apr 19, 2024
Tracked Since
Feb 18, 2026