CVE-2024-47090: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-47090 is a Cross-Site Scripting (XSS) vulnerability discovered in NagVis versions before 1.9.47. The vulnerability stems from improper neutralization of input during web page generation, specifically through the WYSIWYG editor functionality (NagVis Changelog, CVE Details).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has been assigned a CVSS 4.0 Base Score of 5.1 (Medium) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. The issue specifically relates to the WYSIWYG editor functionality, where input was not properly sanitized (NVD).

The vulnerability could allow attackers to execute cross-site scripting attacks through the WYSIWYG editor functionality. The impact is considered medium severity, with potential for limited confidentiality and integrity breaches (NVD).

The vulnerability has been patched in NagVis version 1.9.47. The fix includes moving the option to edit these elements to a specific permission, and by default, only administrators can use the WYSIWYG editor (NagVis Changelog).