Home > Vulnerability Database > CVE-2024-26140

Mend.io Vulnerability Database

CVE-2024-26140

Good to know:

Date: February 20, 2024

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS. No known workarounds exist.

Language: Clojure

Severity Score

4.6

Related Resources (7)

Url: https://github.com/yetanalytics/lrs/security/advisories/GHSA-7rw2-3hhp-rc46

Url: https://github.com/yetanalytics/lrs/releases/tag/v1.2.17

Url: https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-26140

Url: https://github.com/yetanalytics/lrs/commit/d7f4883bc2252337d25e8bba2c7f9d172f5b0621

Url: https://clojars.org/com.yetanalytics/lrs/versions/1.2.17

Url: https://www.mend.io/vulnerability-database/CVE-2024-26140

Severity Score

4.6

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version v1.2.17

Learn More

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-26140

Good to know:

Date: February 20, 2024

Language: Clojure

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?