PYSEC-2026-1126

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ansibleguy-webui/PYSEC-2026-1126.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1126
Aliases
Published
2026-07-07T11:45:43.764203Z
Modified
2026-07-07T17:46:20.960532229Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L CVSS Calculator
Summary
ansibleguy-webui Cross-site Scripting vulnerability
Details

Impact

Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser.

Patches

We recommend to upgrade to version >= 0.0.21

References

References

Affected packages

PyPI / ansibleguy-webui

Package

Name
ansibleguy-webui
View open source insights on deps.dev
Purl
pkg:pypi/ansibleguy-webui

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.0.21

Affected versions

0.*
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.20

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/ansibleguy-webui/PYSEC-2026-1126.yaml"