CVE-2024-51735 – Stored Cross-site Scripting to RCE on Osmedeus Web Server
https://notcve.org/view.php?id=CVE-2024-51735
Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the `general-template.md` template.The contents of the files are read and used to generate the report. However, the file contents are not properly filtered, leading to XSS. • https://github.com/j3ssie/osmedeus/security/advisories/GHSA-wvv7-wm5v-w2gv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •