Vulnerability DatabaseCVE-2024-51735

CVE-2024-51735:
Linux openSUSE vulnerability analysis and mitigation

Overview

Osmedeus, a Workflow Engine for Offensive Security, contains a Cross-site Scripting (XSS) vulnerability that affects its web server when viewing results from the workflow. The vulnerability was discovered in version 4.6.4 and earlier versions, with no patch currently available (GitHub Advisory).

Technical details

The vulnerability occurs when using a workflow containing the summary module, which generates reports in HTML and Markdown formats based on the general-template.md template. The issue stems from improper filtering of file contents when processing tags through the extendTag function in the markdown processing component. The vulnerability is specifically triggered when content length exceeds the MDCodeBlockLimit configuration (default 10,000 characters) (GitHub Advisory).

Impact

A successful exploitation of this vulnerability could allow attackers to execute arbitrary commands on the server through XSS payloads. The vulnerability can be leveraged to perform remote code execution (RCE) by injecting malicious JavaScript code that interacts with the server's API endpoints (GitHub Advisory).

Mitigation and workarounds

Currently, there is no official patch available for this vulnerability. Users are advised to add their own filtering mechanisms or reach out to the developer to aid in developing a patch (GitHub Advisory).

Additional resources

GitHub Advisory

Source: This report was generated using AI

Related Linux openSUSE vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-13470	HIGH	7.7	Linux Debian	rnp	No	Yes	Nov 21, 2025
CVE-2025-61915	MEDIUM	6	OpenPrinting CUPS	libcups2-32bit	No	Yes	Nov 29, 2025
CVE-2025-58436	MEDIUM	5.1	OpenPrinting CUPS	cups-devel	No	Yes	Nov 29, 2025
CVE-2025-9820	N/A	N/A	GnuTLS	gnutls28	No	Yes	Nov 21, 2025
CVE-2025-13402	N/A	N/A	Linux Fedora	librnp	No	Yes	Nov 21, 2025