Description
Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the `name` attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-03-12
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-25267 Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the `name` attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Thu, 20 Feb 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Peering-manager
Peering-manager peering Manager
CPEs cpe:2.3:a:peeringmanager:peering_manager:*:*:*:*:*:*:*:* cpe:2.3:a:peering-manager:peering_manager:*:*:*:*:*:*:*:*
Vendors & Products Peeringmanager
Peeringmanager peering Manager
Peering-manager
Peering-manager peering Manager

Thu, 13 Feb 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Peeringmanager
Peeringmanager peering Manager
CPEs cpe:2.3:a:peeringmanager:peering_manager:*:*:*:*:*:*:*:*
Vendors & Products Peeringmanager
Peeringmanager peering Manager

Subscriptions

Peering-manager Peering Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-26T14:03:19.025Z

Reserved: 2024-03-04T14:19:14.059Z

Link: CVE-2024-28112

cve-icon Vulnrichment

Updated: 2024-08-02T00:48:49.192Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-12T20:15:07.730

Modified: 2025-02-20T17:25:58.783

Link: CVE-2024-28112

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses