CVE-2024-36110 HIGH

CVE-2024-36110: Cross-site scripting in ansibleguy-webui

Vendor Ansibleguy

Product webui

Weakness CWE-79 · XSS

Published May 28, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 (0.0.21.post2 on pypi). Users are advised to upgrade. There are no known workarounds for these issues.

Key dates

02Disclosure timeline

May 28, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-36110

Related vulnerabilities

CVE-2024-36110: Cross-site scripting in ansibleguy-webui

01Description

02Disclosure timeline

03References

04Related CVE