CVE-2024-36110: ansibleguy-webui Cross-site Scripting vulnerability
Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser.
References
- github.com/advisories/GHSA-927p-xrc2-x2gj
- github.com/ansibleguy/webui
- github.com/ansibleguy/webui/commit/7737b47e7f7ddbfec7b1418c724598363718d522
- github.com/ansibleguy/webui/files/15358522/Report.pdf
- github.com/ansibleguy/webui/security/advisories/GHSA-927p-xrc2-x2gj
- nvd.nist.gov/vuln/detail/CVE-2024-36110
Code Behaviors & Features
Detect and mitigate CVE-2024-36110 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →