
ansibleguy-webui Cross-site Scripting vulnerability

High severity GitHub Reviewed Published May 28, 2024 in ansibleguy/webui • Updated Jun 3, 2024

Package

ansibleguy-webui (pip)

Affected versions

< 0.0.21

Patched versions

0.0.21

Description

Impact

Multiple forms in versions < 0.0.21 allowed injection of HTML elements.
These are returned to the user after executing job actions and are thus evaluated by the browser.

Patches

We recommend upgrading to version >= 0.0.21.
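
An added example (not part of the advisory or the project's code): a check that flags pinned `ansibleguy-webui` releases below the patched version 0.0.21 in a requirements file. The sample requirements text and all function names are constructed for illustration, and only plain `==` pins with numeric versions are handled.

```python
import re

PACKAGE = "ansibleguy-webui"
PATCHED = (0, 0, 21)  # first fixed release according to the advisory

# Constructed sample of pinned requirements (not taken from a real project).
SAMPLE_REQUIREMENTS = """\
# web tooling
ansibleguy-webui==0.0.20
Django==4.2.11
"""

# name == numeric.version, optionally followed by a trailing comment
_PIN = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*(?:#.*)?$"
)


def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of '-', '_', '.' are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def is_affected(version_text):
    """True if the numeric version is below the patched release."""
    parts = tuple(int(p) for p in version_text.split("."))
    # Pad short versions so that '0.0' compares as (0, 0, 0).
    parts += (0,) * (len(PATCHED) - len(parts))
    return parts < PATCHED


def find_affected_pins(requirements_text):
    """Return (line_number, version) for each pin of an affected release."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        m = _PIN.match(line)
        if m and normalize(m.group(1)) == normalize(PACKAGE) and is_affected(m.group(2)):
            hits.append((lineno, m.group(2)))
    return hits


if __name__ == "__main__":
    for lineno, version in find_affected_pins(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: {PACKAGE}=={version} is below 0.0.21, upgrade")
```

Versions are compared as integer tuples rather than strings, so 0.0.9 is correctly treated as older than 0.0.21.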

References


ansibleguy published to ansibleguy/webui May 28, 2024
Published by the National Vulnerability Database May 28, 2024
Published to the GitHub Advisory Database May 28, 2024
Reviewed May 28, 2024
Last updated Jun 3, 2024

Severity

High, 8.2 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Scope: Changed
Confidentiality: High
Integrity: Low
Availability: Low

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Weaknesses

CVE ID

CVE-2024-36110

GHSA ID

GHSA-927p-xrc2-x2gj

Source code

Credits
