CVE-2024-52763
MEDIUM EXPLOITED NUCLEIganglia-web 3.7.3-3.7.5 - Cross-Site Scripting via graph_all_periods.php g Parameter
Title source: llmExploitation Summary
CVE-2024-52763 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.
Nuclei Templates (1)
Ganglia Web Interface (v3.7.3 - v3.7.5) - Cross-Site Scripting
MEDIUMby DhiyaneshDK
Shodan:
http.html:"ganglia_form.submit()"
FOFA:
body="ganglia_form.submit()"
References (1)
Core 1
Core References
Exploit, Issue Tracking
https://github.com/ganglia/ganglia-web/issues/382
Scores
CVSS v3
5.4
EPSS
0.0063
EPSS Percentile
45.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2025-06-07
CWE
CWE-79
Status
published
Products (1)
ganglia/ganglia-web
3.7.3 - 3.7.5
Published
Nov 19, 2024
Tracked Since
Feb 18, 2026