CVE-2024-36110

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36110
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36110.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36110
Aliases
Published
2024-05-28T18:33:56Z
Modified
2025-10-29T19:59:16.100931Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L CVSS Calculator
Summary
Cross-site scripting in ansibleguy-webui
Details

ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 (0.0.21.post2 on pypi). Users are advised to upgrade. There are no known workarounds for these issues.

Database specific 
{
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/ansibleguy/webui

Affected ranges

Type
GIT
Repo
https://github.com/ansibleguy/webui
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
85736044c860b6b51930ccd80072c277d2ed6c99
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.0.21"
        }
    ]
}

Affected versions

0.*

0.0.11
0.0.12
0.0.13
0.0.14
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.20
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9

Git / github.com/o-x-l/ansible-webui-v0

Affected ranges

Type
GIT
Repo
https://github.com/o-x-l/ansible-webui-v0
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7737b47e7f7ddbfec7b1418c724598363718d522

Affected versions

0.*

0.0.11
0.0.12
0.0.13
0.0.14
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.20
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9