MEDIUM · 5.4

CVE-2024-52585


Vulnerability Description

Autolab is a course management service that enables auto-graded programming assignments. Version 3.0.1 contains an HTML injection vulnerability that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. The patch can also be applied manually by editing line 589 of `gradesheet.js.erb` so that feedback is taken in as text rather than HTML.

CVSS Score

5.4 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

Affected Products

Vendor: Autolabproject
Product: Autolab
Versions: 3.0.1
