CVE-2024-52281

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-52281

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52281.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-52281

Aliases

Downstream

SUSE-SU-2025:0297-1

openSUSE-SU-2025:14653-1

Related

Published

2025-04-16T09:15:27.620Z

Modified

2026-04-10T05:15:01.999446Z

Severity

8.9 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L CVSS Calculator

Summary

[none]

Details

A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4.

References

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type

GIT

Repo

https://github.com/rancher/rancher

Events

Introduced

9e0cc54e7e3a924cf0ed5c5d4db0a6e53805c75e

Fixed

4ec728e8aae3e51c86cf599d1618c555fd806ce8

Database specific

{
    "versions": [
        {
            "introduced": "2.9.0"
        },
        {
            "fixed": "2.9.4"
        }
    ]
}

Affected versions

v2.*

v2.9.0

v2.9.0-rc6

v2.9.1

v2.9.1-alpha1

v2.9.1-alpha2

v2.9.1-rc1

v2.9.1-rc2

v2.9.1-rc3

v2.9.1-rc4

v2.9.1-rc5

v2.9.1-rc6

v2.9.2

v2.9.2-alpha1

v2.9.2-alpha2

v2.9.2-alpha3

v2.9.2-alpha4

v2.9.2-alpha5

v2.9.2-alpha6

v2.9.2-alpha7

v2.9.2-rc1

v2.9.3

v2.9.3-alpha1

v2.9.3-alpha2

v2.9.3-alpha3

v2.9.3-alpha4

v2.9.3-alpha5

v2.9.3-alpha6

v2.9.3-alpha7

v2.9.3-rc1

v2.9.3-rc2

v2.9.4-alpha1

v2.9.4-alpha2

v2.9.4-alpha3

v2.9.4-alpha4

v2.9.4-alpha5

v2.9.4-rc1

v2.9.4-rc2

v2.9.4-rc3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52281.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "the"
            }
        ]
    }
]