8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.6%
Multiple forms in version <0.0.21 allowed injection of HTML elements.
These are returned to the user after executing job actions and thus evaluated by the browser.
We recommend to upgrade to version >= 0.0.21
CPE | Name | Operator | Version |
---|---|---|---|
ansibleguy-webui | lt | 0.0.21 |
github.com/advisories/GHSA-927p-xrc2-x2gj
github.com/ansibleguy/webui/commit/7737b47e7f7ddbfec7b1418c724598363718d522
github.com/ansibleguy/webui/files/15358522/Report.pdf
github.com/ansibleguy/webui/issues/44
github.com/ansibleguy/webui/security/advisories/GHSA-927p-xrc2-x2gj
nvd.nist.gov/vuln/detail/CVE-2024-36110
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.6%