CVE-2024-39272 – ClearML Enterprise Server Cross-Site Scripting

The following table lists the changes that have been made to the CVE-2024-39272 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Feb. 06, 2025

    Action Type Old Value New Value
    Added Description A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability.
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
    Added CWE CWE-79
    Added Reference https://talosintelligence.com/vulnerability_reports/TALOS-2024-2110

نوشته های مشابه

CVE-2025-22992 – Emoncms SQL Injection

CVE-2024-47258 – 2N Access Commander TLS Certificate Verification Weakness

CVE-2025-24981 – Vue Markdown Converter (MDC) Angular JavaScript XSS

CVE-2025-24786 – WhoDB Path Traversal SQL Injection Vulnerability