CVE-2022-3205

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.5%

top 33.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Automation Platform

Timeline

PublishedSep 13

Latest updateSep 14

Description

Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 2.1 | Impact: 2.5

Affected Packages1 packages

▶NVDredhat/ansible_automation_platform1.2, 2.0+1

🔴Vulnerability Details

GHSA

GHSA-24jx-rfj6-x4mp: An XSS exists in automation controller UI where the project name is susceptible to XSS injection↗2022-09-14

▶

CVEList

Controller: cross site scripting in automation controller ui↗2022-09-13

▶

📋Vendor Advisories

Red Hat

Controller: Cross site scripting in automation controller UI↗2022-08-23

▶