CVE-2024-52585 LOW

CVE-2024-52585: Autolab has HTML Injection Vulnerability

Vendor Autolab

Product Autolab

Weakness CWE-79 · XSS

Published November 18, 2024

Last update November 21, 2024

View on NVD All CVEs

CVSS base score

1.2/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

What the vulnerability does

01Description

Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing line 589 on `gradesheet.js.erb` to take in feedback as text rather than html.

Key dates

02Disclosure timeline

November 18, 2024 CVE published

November 21, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-52585

Related vulnerabilities

04Related CVE

CVE-2026-1440 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface CVE-2024-11199 Rescue Shortcodes <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rescue_progressbar Shortcode CVE-2023-30496 WordPress Bus Ticket Booking with Seat Reservation Plugin <= 5.2.5 is vulnerable to Cross Site Scripting (XSS) CVE-2023-34184 WordPress Woocommerce Order address Print Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) CVE-2019-25394 Smoothwall Express 3.1 'modem.cgi' Cross-Site Scripting