PT-2026-40844

Name of the Vulnerable Software and Affected Versions Argo CD versions prior to 3.2.12 Argo CD versions prior to 3.3.10 Argo CD versions prior to 3.4.2 Description A stored cross-site scripting XSS issue exists in the application Summary tab. A user with application write access developer role ca...

GO-2024-2646 Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. A malicious user to inject a javascript: link in the UI. When clicked by a victim...

Cross-site Scripting (XSS)

Argo CD is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper filtering of URL protocols in the application summary component, allowing a remote attacker with privileges to edit the application to execute Cross-Site Scripting...