CVE-2024-52762
MEDIUM NUCLEIganglia-web 3.73-3.76 - Cross-Site Scripting via tz Parameter in header.php
Title source: llmExploitation Summary
CVE-2024-52762 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter.
Nuclei Templates (1)
Ganglia Web Interface (v3.7.3 - v3.7.6) - Cross-Site Scripting
MEDIUMVERIFIEDby DhiyaneshDk,daffainfo
Shodan:
http.html:"ganglia_form.submit()"
FOFA:
body="ganglia_form.submit()"
References (1)
Core 1
Core References
Exploit, Issue Tracking
https://github.com/ganglia/ganglia-web/issues/382
Scores
CVSS v3
5.4
EPSS
0.0075
EPSS Percentile
50.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
ganglia/ganglia-web
3.7.3 - 3.76
Published
Nov 19, 2024
Tracked Since
Feb 18, 2026