{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T07:41:29.001","vulnerabilities":[{"cve":{"id":"CVE-2024-52812","sourceIdentifier":"security-advisories@github.com","published":"2025-03-10T18:15:29.207","lastModified":"2026-06-17T08:07:40.327","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, a user with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, when any user with access to this service (e.g. admin) tries to make any modification to the rule (update, run, stop, delete), the payload executes in the victim's browser. Version 2.0.8 fixes the issue."},{"lang":"es","value":"LF Edge eKuiper es un motor de procesamiento de flujo y análisis de datos de Internet de las cosas. Antes de la versión 2.0.8, un usuario con derechos para modificar el servicio (por ejemplo, el rol kuiperUser) puede inyectar un payload de cross-site scripting en el parámetro `id` de la regla. Luego, después de que cualquier usuario con acceso a este servicio (por ejemplo, administrador) intente realizar modificaciones con la regla (actualizar, ejecutar, detener, eliminar), un payload actúa en el navegador de la víctima. 
La versión 2.0.8 soluciona el problema."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"lf-edge","product":"ekuiper","versions":[{"version":"< 2.0.8","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-11T20:12:43.168456Z","id":"CVE-2024-52812","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L681","source":"security-advisories@github.com"},{"url":"https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L716","source":"security-advisories@github.com"},{"url":"https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L735","source":"security-advisories@github.com"},{"url":"https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L794","source":"security-advisories@github.com"},{"url":"https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/server/rest.go#L809","source":"security-advisories@github.com"},{"url":"https://github.com/lf-edge/ekuiper/blob/dbce32d5a195cf1de949b3a6a4e29f0df0f3330d/internal/
server/rest.go#L824","source":"security-advisories@github.com"},{"url":"https://github.com/lf-edge/ekuiper/releases/tag/v2.0.8","source":"security-advisories@github.com"},{"url":"https://github.com/lf-edge/ekuiper/security/advisories/GHSA-6hrw-x7pr-4mp8","source":"security-advisories@github.com"}]}}]}