PT-2024-37737 · Lightdash · Lightdash

Kennethchiong · Published 2024-08-30 · Updated 2024-09-03 · CVE-2024-6585

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Lightdash version 0.1024.6
Description: Multiple stored cross-site scripting (XSS) vulnerabilities in the markdown dashboard and dashboard comment functionality allow remote authenticated threat actors to inject malicious scripts into vulnerable web pages. Content stored through these features is rendered into other users' browsers, so a threat actor could store malicious JavaScript that executes in the context of a victim's session with the application. The vector reflects this: PR:L means the attacker needs an account, and UI:R means the victim has to open the affected dashboard or comment.
Recommendations: At the time of publication there is no information about a release that contains a fix for this issue. For version 0.1024.6, restrict the markdown dashboard and dashboard comment functionality to trusted users, or avoid it until a fixed version is available, and upgrade as soon as one is published. HttpOnly session cookies and a restrictive Content-Security-Policy limit what an injected script can do but do not remove the vulnerability.
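The pattern behind this bug class, as an added example that is not Lightdash's code: a naive markdown renderer that turns stored content straight into HTML, beside a hardened one that escapes the text, drops raw HTML and allowlists link schemes, plus the plain-text escaping a comment field needs. The markdown subset (bold and links), the function names and the payloads are constructed for illustration.

```javascript
// Added example, not Lightdash's code: the stored-XSS pattern behind this advisory
// and a hardened rendering path. The markdown subset (bold + links), function names
// and payloads are constructed for illustration.

// Vulnerable renderer: builds HTML straight from stored markdown. Raw HTML passes
// through untouched and link targets are never checked, so a stored
// "<img src=x onerror=...>" or "[x](javascript:...)" runs in every viewer's browser.
function renderMarkdownUnsafe(md) {
  return md
    .replace(/\*\*(.+?)\*\*/g, "<strong>$1</strong>")
    .replace(/\[([^\]]+)\]\(([^)]+)\)/g, '<a href="$2">$1</a>');
}

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five HTML-significant characters so stored text can neither open a
// tag nor break out of a double-quoted attribute.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

const SAFE_SCHEMES = ["http", "https", "mailto"];

// Allowlist link schemes. Browsers strip ASCII tab/CR/LF anywhere in a URL and
// leading/trailing whitespace before parsing, so "java\tscript:" must be
// normalised the same way or the check is bypassed. Relative URLs (no scheme)
// are allowed; any scheme outside the allowlist causes the link to be dropped.
function safeHref(raw) {
  const norm = raw.replace(/[\t\n\r]/g, "").trim().toLowerCase();
  const scheme = norm.match(/^([a-z][a-z0-9+.-]*):/);
  if (scheme && !SAFE_SCHEMES.includes(scheme[1])) return null;
  return raw;
}

// Hardened renderer: escape first, so any raw HTML in the stored markdown becomes
// inert text, then build only the allowed tags from the already-escaped content.
// Because "&" is escaped, an entity-encoded scheme such as "&#106;avascript:"
// reaches the DOM as the literal text "&#106;avascript:", which parses as a
// relative path rather than as a scheme.
function renderMarkdownSafe(md) {
  const escaped = escapeHtml(md);
  return escaped
    .replace(/\*\*(.+?)\*\*/g, "<strong>$1</strong>")
    .replace(/\[([^\]]+)\]\(([^)]+)\)/g, (_m, text, href) => {
      const ok = safeHref(href);
      return ok === null
        ? text
        : `<a href="${ok}" rel="noopener noreferrer">${text}</a>`;
    });
}

// Dashboard comments are plain text: escape, then only translate line breaks.
function renderComment(text) {
  return escapeHtml(text).replace(/\r?\n/g, "<br>");
}

// Constructed payloads of the kind a stored-XSS tester would submit.
const PAYLOADS = [
  '<img src=x onerror="alert(document.cookie)">',
  "[click me](javascript:alert`1`)",
  "[click me](java\tscript:alert`1`)",
  "**bold** and a [real link](https://example.com/a?b=1&c=2)",
];

for (const p of PAYLOADS) {
  console.log("unsafe:", renderMarkdownUnsafe(p));
  console.log("safe:  ", renderMarkdownSafe(p));
}
```

The order matters: escaping before the markdown transforms is what keeps the attacker from supplying HTML, and checking the scheme after whitespace normalisation is what keeps the link allowlist honest. A real deployment would use a maintained markdown library with an HTML sanitizer rather than a hand-written subset, but the two checks shown are the ones any such pipeline must perform.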

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-6585, GHSA-6529-6JV3-66Q2

Affected Products: Lightdash