CVE-2024-52762: 
Linux Debian vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability has been identified in Ganglia-web versions 3.73 to 3.76, specifically in the component /master/header.php. The vulnerability was discovered on November 19, 2024, and is tracked as CVE-2024-52762. The affected software component is the Ganglia-web monitoring system (NVD, MITRE).

The vulnerability exists in the /master/header.php component where attackers can execute arbitrary web scripts or HTML through a crafted payload injected into the 'tz' parameter. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction to exploit (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary web scripts or HTML in the context of the targeted application. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions within the context of the affected web application (NVD).

Currently, there is no official patch available for this vulnerability. Users of affected versions (3.73 to 3.76) should monitor for updates from the Ganglia-web project and consider implementing web application firewall rules to filter potentially malicious input to the 'tz' parameter (Debian Tracker).