Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-42346 PoC — Stored Cross Site Scripting (Stored XSS) in Galaxy

Source
https://github.com/partywavesec/CVE-2024-42346
Associated Vulnerability
Title:Stored Cross Site Scripting (Stored XSS) in Galaxy (CVE-2024-42346)
Description:Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Description
CVE-2024-42346 POC
Readme
# CVE-2024-42346

CVE-2024-42346 video:

https://github.com/user-attachments/assets/e5e82cfa-d96c-44b2-bc84-0149022e5508

Read more things on:

![https://www.partywave.site/](https://www.partywave.site/)
File Snapshot

 [4.0K]  /data/pocs/4c9dedc16ab73ea921043f70d1a492d2ad8aaf01
└── [ 205]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →