2 matches found
CVE-2022-38790
Summary : CVE-2022-38790 affects Weave GitOps Enterprise before 0.9.0-rc.5 with a cross-site scripting (XSS) vulnerability in the UI. An attacker can inject a javascript: link into the UI, which, when clicked by a victim, executes with the victim’s permissions. The exposure is surfaced in the Git...
CVE-2022-38790
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...