CVE-2024-52763: 
Linux Debian vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Ganglia-web versions 3.73 to 3.75, specifically affecting the component /graphallperiods.php. The vulnerability allows attackers to execute arbitrary web scripts or HTML through a crafted payload injected into the 'g' parameter (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The issue stems from insufficient input validation in the graphallperiods.php component, where the 'g' parameter can be manipulated to inject malicious scripts (NVD).

When successfully exploited, this vulnerability allows attackers to execute arbitrary web scripts or HTML in the context of the user's browser session. This can lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected user's session (NVD).

The vulnerability affects Ganglia-web versions 3.73 to 3.75. Users running affected versions should upgrade to version 3.7.6 or later when available. Currently, Debian distributions including bullseye, bookworm, sid, and trixie are marked as vulnerable to this issue (Debian Tracker).