logo

Database

Reflected cross-site scripting (XSS) In ansibleguy-webui

Description

ansibleguy-webui Cross-site Scripting vulnerability

Impact

Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser.

Patches

We recommend to upgrade to version >= 0.0.21

References

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-361102. NVD-2024-361103. OSV-2024-361104. GHSA-927p-xrc2-x2gj5. GCVE-2024-36110

References

1. https://github.com/ansibleguy/webui/security/advisories/GHSA-927p-xrc2-x2gj2. https://github.com/ansibleguy/webui/issues/443. https://github.com/ansibleguy/webui/commit/7737b47e7f7ddbfec7b1418c724598363718d5224. https://github.com/ansibleguy/webui/files/15358522/Report.pdf

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.