CVE-2024-36110 ansibleguy-webui

Package

Manager: pip
Name: ansibleguy-webui
Vulnerable Version: >=0 <0.0.21

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00184 (percentile 0.40334)

Details

ansibleguy-webui Cross-site Scripting vulnerability

### Impact

Multiple forms in versions <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser.

### Patches

We recommend upgrading to version >= [0.0.21](https://github.com/ansibleguy/webui/releases/tag/0.0.21).

### References

* [Report](https://github.com/ansibleguy/webui/files/15358522/Report.pdf)
* [GitHub Issue 44](https://github.com/ansibleguy/webui/issues/44)

Metadata

Created: 2024-05-28T21:23:42Z
Modified: 2024-06-03T18:29:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-927p-xrc2-x2gj/GHSA-927p-xrc2-x2gj.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-927p-xrc2-x2gj
Finding: F008
Auto approve: 1