Home > Vulnerability Database > CVE-2024-52585

Mend.io Vulnerability Database

CVE-2024-52585

Date: November 18, 2024

Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing line 589 on "gradesheet.js.erb" to take in feedback as text rather than html.

Language: Ruby

Severity Score

4.6

Related Resources (4)

Url: https://github.com/autolab/Autolab/security/advisories/GHSA-8qhp-jhhw-45r2

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52585

Url: https://github.com/autolab/Autolab/commit/2429983b6caa245fea1b37f0dc236ccbcad9554c

Url: https://www.mend.io/vulnerability-database/CVE-2024-52585

Severity Score

4.6

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52585

Date: November 18, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?