{"id":"CVE-2024-54160","details":"dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.","modified":"2026-07-08T07:12:21.083545459Z","published":"2025-02-12T00:00:00Z","database_specific":{"cna_assigner":"mitre","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"2.19"}]},{"source":"DESCRIPTION","extracted_events":[{"fixed":"2.19"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/54xxx/CVE-2024-54160.json","cwe_ids":["CWE-79"]},"references":[{"type":"WEB","url":"https://github.com/opensearch-project/dashboards-reporting/compare/2.18.0.0...2.19.0.0"},{"type":"WEB","url":"https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.19.0.md"},{"type":"WEB","url":"https://opensearch.org/releases.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/54xxx/CVE-2024-54160.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54160"},{"type":"FIX","url":"https://github.com/opensearch-project/dashboards-reporting/pull/476"},{"type":"PACKAGE","url":"https://github.com/Jflye/CVE-2024-54160--Opensearch-HTML-Injection"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensearch-project/dashboards-reporting","events":[{"introduced":"0"},{"fixed":"d1b2f1f3dfcdc90d1da2bb92360112384b5a13ba"}],"database_specific":{"source":"DESCRIPTION","extracted_events":[{"introduced":"0"},{"fixed":"2.19.0.0"}]}},{"type":"GIT","repo":"https://github.com/opensearch-project/opensearch-build","events":[{"introduced":"0"},{"fixed":"58c499356b52e438ff2cbf71a75e893c99357d5d"}],"database_specific":{"source":"DESCRIPTION","extracted_events":[{"introduced":"0"},{"fixed":"2.19"}]}}],"versions":["2.15.0.0","2.13.0.0","1.3.20","2.18.0","2.17.1","2.17.0","1.3.19","2.16.0","1.3.18","2.15.0","1.3.17","2.14.0","1.3.16","2.13.0","1.3.15","2.12.0","1.3.14","2.11.1","2.11.0","2.10.0","1.3.13","1.3.12","2.9.0","1.3.11","2.8.0","1.3.10","2.7.0","1.3.9","2.6.0","1.3.8","2.5.0","2.4.0","1.3.6","2.3.0","2.2.1","1.3.5","1.3.4","2.1.0","2.0.1","1.3.3","2.0.0","1.3.2","2.0.0-rc1","1.3.1","1.3.0","1.2.4","1.2.3","1.2.2","1.2.1","1.2.0","1.1.0","1.0.1","1.0.0","1.0.0-rc1","1.0.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-54160.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}]}