Headline

GHSA-927p-xrc2-x2gj: ansibleguy-webui Cross-site Scripting vulnerability

Impact

Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser.

Patches

We recommend to upgrade to version >= 0.0.21

References

4 months ago

ghsa

Open in Source

#xss #vulnerability #web #git #pdf

Navigation Menu

CVE-2024-36110

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

Explore

*   All features
*   Documentation
*   GitHub Skills
*   Blog

For
- Enterprise
- Teams
- Startups
- Education
By Solution
- CI/CD & Automation
- DevOps
- DevSecOps
Resources
- Learning Pathways
- White papers, Ebooks, Webinars
- Customer Stories
- Partners
- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

Repositories

*   Topics
*   Trending
*   Collections

Pricing

Search code, repositories, users, issues, pull requests…

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches****Use saved searches to filter your results more quickly

GitHub Advisory Database
GitHub Reviewed
CVE-2024-36110

ansibleguy-webui Cross-site Scripting vulnerability

High severity GitHub Reviewed Published May 28, 2024 in ansibleguy/webui

Vulnerability details Dependabot alerts 0

Package

pip ansibleguy-webui (pip)

Affected versions

< 0.0.21

Patched versions

0.0.21

Description

Impact

Multiple forms in version <0.0.21 allowed injection of HTML elements.
These are returned to the user after executing job actions and thus evaluated by the browser.

Patches

We recommend to upgrade to version >= 0.0.21

References