Vulnerability Description
Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the `name` attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Peering-Manager | Peering Manager | < 1.8.3 |
Related Weaknesses (CWE)
References
- https://github.com/peering-manager/peering-manager/security/advisories/GHSA-fmf5Vendor Advisory
- https://owasp.org/www-community/attacks/xssNot Applicable
- https://github.com/peering-manager/peering-manager/security/advisories/GHSA-fmf5Vendor Advisory
- https://owasp.org/www-community/attacks/xssNot Applicable
FAQ
What is CVE-2024-28112?
CVE-2024-28112 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the `name` attribute of AS or Platform. Th...
How severe is CVE-2024-28112?
CVE-2024-28112 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-28112?
Check the references section above for vendor advisories and patch information. Affected products include: Peering-Manager Peering Manager.