CVE-2024-52281Cross-site Scripting in Rancher

CWE-79Cross-site Scripting5 documents4 sources
Severity
8.9HIGHNVD
EPSS
0.0%
top 98.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse RancherGithub.com Rancher Rancher
Timeline
PublishedApr 16

Description

A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:LExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

CVEListV5suse/rancher2.9.02.9.4
Gogithub.com/rancher_rancher2.9.02.9.4

🔴Vulnerability Details

4
CVEList
Stored Cross-site Scripting vulnerability in Rancher UI2025-04-16
OSV
Rancher UI has Stored Cross-site Scripting vulnerability in github.com/rancher/rancher2025-01-15
OSV
Rancher UI has Stored Cross-site Scripting vulnerability2025-01-14
GHSA
Rancher UI has Stored Cross-site Scripting vulnerability2025-01-14