CVE-2024-42346 - Galaxy Editor Visualization JS Injection Vulnerability

2 months ago 23
ARTICLE AD BOX
CVE ID : CVE-2024-42346
Published : Sept. 20, 2024, 7:15 p.m. | 24 minutes ago
Description : Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article