CVE-2024-45061

Name of the Vulnerable Software and Affected Versions Observium CE version 24.4.13528

Description A cross-site scripting (XSS) issue exists in the weather map editor functionality. This can be exploited through a specially crafted HTTP request, leading to the execution of arbitrary JavaScript code. An authenticated user would need to click on a malicious link provided by the attacker to trigger the issue.

Recommendations For Observium CE version 24.4.13528, as a temporary workaround, consider disabling the weather map editor functionality until a patch is available. Restrict access to this feature to minimize the risk of exploitation. Avoid clicking on suspicious links to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.