CVE-2021-25313

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-25313

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25313.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-25313

Aliases

GHSA-6m8r-jh89-rq7h

Published

2021-03-05T09:15:13.503Z

Modified

2025-11-20T11:36:27.312186Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6.

References

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type: GIT
Repo: https://github.com/rancher/rancher
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

65f7c844267bf7336a38ee6ea3e0e63af9e21274

Affected versions

v2.*

v2.0.0

v2.0.0-alpha11

v2.0.0-alpha12

v2.0.0-alpha14

v2.0.0-alpha17

v2.0.0-alpha18

v2.0.0-alpha19

v2.0.0-alpha20

v2.0.0-alpha21

v2.0.0-alpha22

v2.0.0-alpha23

v2.0.0-alpha24

v2.0.0-alpha25

v2.0.0-alpha26

v2.0.0-alpha27

v2.0.0-alpha28

v2.0.0-beta1

v2.0.0-beta2

v2.0.0-beta3

v2.0.0-beta3-rc1

v2.0.0-beta4

v2.0.0-beta4-rc1

v2.0.0-beta4-rc2

v2.0.0-beta4-rc3

v2.0.0-beta4-rc4

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.0.0-rc5

v2.0.1

v2.0.1-rc1

v2.0.1-rc2

v2.0.1-rc3

v2.0.1-rc4

v2.0.1-rc5

v2.0.1-rc6

v2.0.2

v2.0.2-rc1

v2.0.3

v2.0.3-rc1

v2.0.3-rc2

v2.0.3-rc3

v2.0.3-rc4

v2.0.3-rc5

v2.0.4

v2.0.4-rc1

v2.0.5

v2.0.5-rc1

v2.0.5-rc2

v2.0.5-rc3

v2.0.5-rc4

v2.0.5-rc5

v2.0.5-rc6

v2.0.6

v2.0.6-rc1

v2.0.6-rc2

v2.0.7

v2.0.7-rc1

v2.0.7-rc2

v2.0.7-rc3

v2.0.7-rc4

v2.0.7-rc5

v2.0.7-rc6

v2.0.8

v2.0.8-rc2

v2.0.8-rc3

v2.0.8-rc4

v2.0.8-rc5

v2.0.8-rc6

v2.1.0

v2.1.0-rc1

v2.1.0-rc10

v2.1.0-rc2

v2.1.0-rc3

v2.1.0-rc4

v2.1.0-rc5

v2.1.0-rc6

v2.1.0-rc7

v2.1.0-rc8

v2.1.0-rc9

v2.2.0

v2.2.0-rc1

v2.2.0-rc10

v2.2.0-rc11

v2.2.0-rc12

v2.2.0-rc13

v2.2.0-rc14

v2.2.0-rc15

v2.2.0-rc2

v2.2.0-rc3

v2.2.0-rc4

v2.2.0-rc5

v2.2.0-rc6

v2.2.0-rc7

v2.2.0-rc8

v2.2.0-rc9

v2.3.0-alpha4

v2.3.0-alpha5

v2.3.0-alpha6

v2.3.0-alpha7

v2.3.0-rc1

v2.3.0-rc10

v2.3.0-rc2

v2.3.0-rc3

v2.3.0-rc4

v2.3.0-rc5

v2.3.0-rc6

v2.3.0-rc7

v2.3.0-rc8

v2.3.0-rc9

v2.3.7-draft

v2.4.0-alpha1

v2.4.0-rc1

v2.4.0-rc10

v2.4.0-rc11

v2.4.0-rc2

v2.4.0-rc3

v2.4.0-rc4

v2.4.0-rc5

v2.4.0-rc6

v2.4.0-rc7

v2.4.0-rc8

v2.4.0-rc9

v2.5.0

v2.5.0-alpha1

v2.5.0-alpha2

v2.5.0-alpha3

v2.5.0-alpha4

v2.5.0-alpha5

v2.5.0-rc1

v2.5.0-rc2

v2.5.0-rc3

v2.5.0-rc4

v2.5.0-rc5

v2.5.0-rc6

v2.5.0-rc7

v2.5.0-rc8

v2.5.0-rc9

v2.5.1

v2.5.1-rc1

v2.5.2

v2.5.2-rc

v2.5.2-rc1

v2.5.2-rc10

v2.5.2-rc2

v2.5.2-rc3

v2.5.2-rc4

v2.5.2-rc5

v2.5.2-rc6

v2.5.2-rc7

v2.5.2-rc8

v2.5.2-rc9

v2.5.4

v2.5.4-rc1

v2.5.4-rc2

v2.5.4-rc3

v2.5.4-rc4

v2.5.4-rc5

v2.5.4-rc6

v2.5.4-rc7

v2.5.4-rc8

v2.5.4-rc9

v2.5.6-rc1

v2.5.6-rc2

v2.5.6-rc3

v2.5.6-rc4

v2.5.6-rc5

v2.5.6-rc6

v2.5.6-rc7

v2.5.6-rc8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25313.json"