CVE-2025-5198 — Cross-site Scripting in Redhat Advanced Cluster Security

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

CNA5.0

EPSS

0.1%

top 67.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Advanced Cluster Security

Timeline

PublishedMay 27

Description

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDredhat/advanced_cluster_security4.0

🔴Vulnerability Details

CVEList

Stackrox: xss in stackrox↗2025-05-27

▶

GHSA

GHSA-fcj3-9fc8-9489: A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells↗2025-05-27

▶

📋Vendor Advisories

Red Hat

stackrox: XSS in Stackrox↗2025-05-26

▶