GitHub Advisory Database: GHSA-927P-XRC2-X2GJ
History: May 28, 2024 - 9:23 p.m.

ansibleguy-webui Cross-site Scripting vulnerability

2024-05-28 21:23:42
CWE-79
GitHub Advisory Database
github.com
ansibleguy-webui
cross-site scripting
html injection
browser evaluation
upgrade
security patch

CVSS3: 8.2 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

AI Score: 6.6 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 15.6%)

Impact

Multiple forms in versions <0.0.21 allowed injection of HTML elements.
The injected elements are returned to the user after job actions are executed and are therefore evaluated by the browser.

Patches

We recommend upgrading to version >= 0.0.21.

References

Affected configurations

Vulners
Node: ansibleguywebui, Range: <0.0.21

CPE Name          Operator  Version
ansibleguy-webui  lt        0.0.21
