{"id":"CVE-2024-41675","summary":"CKAN has a Cross-site Scripting vector in the Datatables view plugin","details":"CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN \u003e= 2.7.0 with the datatables_view plugin activated. This is a plugin included in CKAN core, that not activated by default but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.","aliases":["GHSA-r3jc-vhf4-6v32"],"modified":"2026-04-10T05:15:51.191918Z","published":"2024-08-21T14:34:31.424Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41675.json","cwe_ids":["CWE-79"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41675.json"},{"type":"ADVISORY","url":"https://github.com/ckan/ckan/security/advisories/GHSA-r3jc-vhf4-6v32"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41675"},{"type":"FIX","url":"https://github.com/ckan/ckan/commit/9e89ce8220ab1445e0bd85a67994a51d9d3d2688"},{"type":"FIX","url":"https://github.com/ckan/ckan/commit/d7dfe8c427b1c63c75d788a609f3b7d7620a25a1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ckan/ckan","events":[{"introduced":"638262b96feef48e56da0d95f8dd3686092c5ae3"},{"fixed":"66abe426634625b9cad7a67728e481f554436412"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41675.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"}]}