Security Advisory

CVE-2024-6585

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-30 22:17:28
Last updated 2024-09-03 14:52:05
Assigner Mandiant
State PUBLISHED

Description

Multiple stored cross-site scripting (“XSS”) vulnerabilities in the markdown dashboard and dashboard comment functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to inject malicious scripts into vulnerable web pages. A threat actor could potentially exploit this vulnerability to store malicious JavaScript which executes in the context of a user’s session with the application.