CVE-2024-36110
8.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
Summary
ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 (0.0.21.post2 on pypi). Users are advised to upgrade. There are no known workarounds for these issues.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ansibleguy | webui | < 0.0.21 | affected |
Weaknesses
- CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://github.com/ansibleguy/webui/security/advisories/GHSA-927p-xrc2-x2gj
- https://github.com/ansibleguy/webui/issues/44
- https://github.com/ansibleguy/webui/commit/7737b47e7f7ddbfec7b1418c724598363718d522
- https://github.com/ansibleguy/webui/files/15358522/Report.pdf
References
- https://github.com/ansibleguy/webui/security/advisories/GHSA-927p-xrc2-x2gj
- https://github.com/ansibleguy/webui/issues/44
- https://github.com/ansibleguy/webui/commit/7737b47e7f7ddbfec7b1418c724598363718d522
- https://github.com/ansibleguy/webui/files/15358522/Report.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.