← back
CVE-2021-25313

Rancher: XSS on /v3/cluster/

CVSS 7.1 HIGHEPSS 1.5%CWE-79
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Affected products
SUSE · Rancher

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.suse.com/show_bug.cgi?id=1181852https://github.com/rancher/rancher/issues/31583https://github.com/rancher/rancher/releases/tag/v2.5.6