PT-2024-35382 · Autolab · Autolab
Jessehartloff · Published 2024-11-18 · Updated 2025-01-21 · CVE-2024-52585
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Autolab version 3.0.1
Description
The issue concerns an HTML injection vulnerability that can affect instructors and CAs on the grade submissions page. This vulnerability is patched in version 3.0.2.
Recommendations
For Autolab version 3.0.1, apply the patch manually by editing line 589 of gradesheet.js.erb so that it takes in feedback as text rather than HTML.
Exploit
Fix
XSS
Affected Products
Autolab