Ckan
CVE-2024-41675
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.
AnalysisAI
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0. Affected products include: Okfn Ckan.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
CKAN is an open-source data management system for powering data hubs and data portals. Rated critical severity (CVSS 9.8
CKAN is an open-source data management system for powering data hubs and data portals. Rated high severity (CVSS 8.8), t
CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request.
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Rated high severity (CVSS 7
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5),
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5),
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile pictur
CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 5.3),
A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. Rate
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today