CVE-2024-47882
PUBLISHED
CVSS 5.9 MEDIUM
OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project
EPSS 0.30% · 53.7th percentile
Risk Scores
CVSS 3.1
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
EPSS Score
0.30%
53.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.openrefine:openrefine | 0 |
| openrefine | openrefine | 0 |
| OpenRefine | OpenRefine | < 3.8.3 |
Exploit Intelligence
Timeline
- Jan 21, 1970 Security Advisory
- Oct 24, 2024 CVE Published
- Oct 24, 2024 Coalition ESS Score
- Oct 25, 2024 EPSS Score
- Oct 25, 2024 Coalition ESS Score
- Oct 28, 2024 Coalition ESS Score
- Nov 12, 2024 EPSS Score
- Dec 2, 2024 EPSS Score
- Dec 20, 2024 EPSS Score
- Jan 7, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 13, 2025 EPSS Score
References
- https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-j8hp-f2mj-586g url
- https://github.com/OpenRefine/OpenRefine/commit/85594e75e7b36025f7b6a67dcd3ec253c5dff8c2 url
- https://github.com/OpenRefine/OpenRefine/blob/master/main/webapp/modules/core/error.vt#L52-L53 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-47882 advisory
- https://github.com/OpenRefine/OpenRefine package