PT-2025-10606 · Lf Edge · Lf Edge Ekuiper

Published: 2025-03-10 · Updated: 2025-03-15 · CVE-2024-52812

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

LF Edge eKuiper versions prior to 2.0.8

Description

The issue allows a user with modification rights to inject a cross-site scripting payload into the id parameter of a rule. When any user with access to the service makes modifications to the rule, the payload is executed in the victim's browser.

Recommendations

For versions prior to 2.0.8, update to version 2.0.8 to resolve the issue. As a temporary workaround, consider restricting access to the rule modification functionality to minimize the risk of exploitation. Avoid using the id parameter in rules until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-52812
GHSA-6HRW-X7PR-4MP8
GO-2025-3508
OPENSUSE-SU-2025:14893-1

Affected Products

Lf Edge Ekuiper