Unknown · Dashboards-Reporting · CVE-2024-54160
**Name of the Vulnerable Software and Affected Versions**
dashboards-reporting versions prior to 2.19.0.0
OpenSearch versions prior to 2.19
**Description**
The issue allows cross-site scripting (XSS) because Markdown is not sanitized when previewing a header or footer. This occurs in dashboards-reporting, also known as Dashboards Reports, as shipped in OpenSearch.
**Recommendations**
For dashboards-reporting versions prior to 2.19.0.0, update to version 2.19.0.0 or later.
For OpenSearch versions prior to 2.19, update to version 2.19 or later.
As a temporary workaround, consider disabling the preview feature for headers and footers until a patch is available.