CVE-2024-52290 – LF Edge eKuiper Cross-Site Scripting (XSS)

May 14, 2025

CVE ID : CVE-2024-52290

Published : May 14, 2025, 8:15 a.m. | 35 minutes ago

Description : LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, a payload acts in the victim’s browser. Version 2.1.0 fixes the issue.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-0020 – ArcGIS OAuth 2.0 API Authentication Privilege Abuse Vulnerability

Next Article Linus Torvalds torna alla tastiera meccanica: il valore del feedback nella digitazione per chi sviluppa

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Maintaining Data Consistency with Laravel Database Transactions

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

Inertia Releases a New Form Component

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Take-Two hints at $100 price tag for Grand Theft Auto VI — will it deliver on value?

ChatGPT Go offers GPT-5, image creation, and longer memory — all for $5 (if you’re lucky enough to live where it’s available)

CVE-2024-52290 – LF Edge eKuiper Cross-Site Scripting (XSS)

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Zero Trust + AI: Privacy in the Age of Agentic AI

Node.js Streams with TypeScript

Why Spreadsheets Need Better Coding Support

ROG Xbox Ally Price Leak Suggests Microsoft’s Handheld Won’t Be Cheap

Over 20 Malicious Crypto Wallet Apps Found on Google Play, CRIL Warns

CVE-2025-53502 – WikiMedia Mediawiki FeaturedFeeds Extension Cross-Site Scripting (XSS) Vulnerability

CVE-2025-53514 – Mattermost Confluence Plugin Denial of Service (DoS)

CVE-2024-13427 – WordPress Pagelayer Stored Cross-Site Scripting

CVE-2025-4174 – PHPGurukul COVID19 Testing Management System SQL Injection Vulnerability

CVE-2024-52290 – LF Edge eKuiper Cross-Site Scripting (XSS)

Related Posts