
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

OpenRASP is a RASP solution that integrates its protection engine directly into the application server by instrumentation. The /login page contains a reflected XSS because the redirect parameter is reflected in the page. This allows an attacker to execute arbitrary JavaScript with the permissions of a user after the user logs in with their account.

• https://github.com/baidu/openrasp/commit/240fde3901c7a36aaade3683ffd5c89140a535fb
• https://securitylab.github.com/advisories/GHSL-2023-253_openrasp
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')