GHSA-927p-xrc2-x2gj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-927p-xrc2-x2gj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-927p-xrc2-x2gj/GHSA-927p-xrc2-x2gj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-927p-xrc2-x2gj
- Aliases
- Published
- 2024-05-28T21:23:42Z
- Modified
- 2024-06-03T18:49:22.881186Z
- Severity
-
- 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L CVSS Calculator
- Summary
- ansibleguy-webui Cross-site Scripting vulnerability
- Details
-
Impact
Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser.
Patches
We recommend to upgrade to version >= 0.0.21
References
- Database specific
{ "nvd_published_at": "2024-05-28T19:15:11Z", "github_reviewed": true, "github_reviewed_at": "2024-05-28T21:23:42Z", "cwe_ids": [ "CWE-79" ], "severity": "HIGH" }- References
-
- https://github.com/ansibleguy/webui/security/advisories/GHSA-927p-xrc2-x2gj
- https://nvd.nist.gov/vuln/detail/CVE-2024-36110
- https://github.com/ansibleguy/webui/issues/44
- https://github.com/ansibleguy/webui/commit/7737b47e7f7ddbfec7b1418c724598363718d522
- https://github.com/ansibleguy/webui
- https://github.com/ansibleguy/webui/files/15358522/Report.pdf
Affected packages
PyPI / ansibleguy-webui
Package
- Name
- ansibleguy-webui
- View open source insights on deps.dev
- Purl
- pkg:pypi/ansibleguy-webui