CVE-2021-25313 — Cross-site Scripting in Rancher

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

CNA7.1

EPSS

0.6%

top 29.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Rancher Github.com Rancher Rancher

Timeline

PublishedMar 5

Latest updateMay 24

Description

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5suse/rancherRancher — 2.5.6

▶NVDsuse/rancher< 2.5.6

▶Gogithub.com/rancher_rancher2.5.0 — 2.5.6+2

🔴Vulnerability Details

GHSA

Rancher Cross-site Scripting Vulnerability↗2022-05-24

▶

OSV

Rancher Cross-site Scripting Vulnerability↗2022-05-24

▶

CVEList

Rancher: XSS on /v3/cluster/↗2021-03-05

▶