fkie_cve-2024-12870
Vulnerability from fkie_nvd
Published
2025-03-20 10:15
Modified
2025-03-20 10:15
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). The vulnerability allows an attacker to upload HTML/XML files that can host arbitrary JavaScript payloads. These files are served with the 'application/xml' content type, which is automatically rendered by browsers. This can lead to the execution of arbitrary JavaScript in the context of the user's browser, potentially allowing attackers to steal cookies and gain unauthorized access to user files and resources. The vulnerability does not require authentication, making it accessible to anyone with network access to the instance.
References
security@huntr.devhttps://huntr.com/bounties/d6b497d2-5c95-4abc-8033-04b8068fed65
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). The vulnerability allows an attacker to upload HTML/XML files that can host arbitrary JavaScript payloads. These files are served with the \u0027application/xml\u0027 content type, which is automatically rendered by browsers. This can lead to the execution of arbitrary JavaScript in the context of the user\u0027s browser, potentially allowing attackers to steal cookies and gain unauthorized access to user files and resources. The vulnerability does not require authentication, making it accessible to anyone with network access to the instance."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en infiniflow/ragflow, que afecta a la \u00faltima confirmaci\u00f3n de la rama principal (cec2080). Esta vulnerabilidad permite a un atacante cargar archivos HTML/XML que pueden alojar payloads de JavaScript arbitrarias. Estos archivos se entregan con el tipo de contenido \u0027application/xml\u0027, que los navegadores procesan autom\u00e1ticamente. Esto puede provocar la ejecuci\u00f3n de JavaScript arbitrario en el contexto del navegador del usuario, lo que podr\u00eda permitir a los atacantes robar cookies y obtener acceso no autorizado a los archivos y recursos del usuario. La vulnerabilidad no requiere autenticaci\u00f3n, por lo que es accesible para cualquier persona con acceso a la red de la instancia."
    }
  ],
  "id": "CVE-2024-12870",
  "lastModified": "2025-03-20T10:15:31.210",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-20T10:15:31.210",
  "references": [
    {
      "source": "security@huntr.dev",
      "url": "https://huntr.com/bounties/d6b497d2-5c95-4abc-8033-04b8068fed65"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.