4 matches found
PT-2026-40844
Name of the Vulnerable Software and Affected Versions:
Argo CD versions prior to 3.2.12
Argo CD versions prior to 3.3.10
Argo CD versions prior to 3.4.2
Description: A stored cross-site scripting (XSS) issue exists in the application Summary tab. A user with application write access (developer role) ca...
The vulnerability of the Application Summary component of the GitOps continuous delivery tool for Kubernetes Argo CD allows attackers to perform XSS attacks.
The vulnerability of the Application Summary component of the GitOps continuous delivery tool for Kubernetes Argo CD exists because measures to protect the website structure have not been taken. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially...
GO-2024-2646
Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2
Due to improper filtering of URL protocols in links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. A malicious user can inject a javascript: link in the UI. When clicked by a victim...
Cross-site Scripting (XSS)
Argo CD is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper filtering of URL protocols in the application summary component, allowing a remote attacker with privileges to edit the application to execute Cross-Site Scripting...