CVE-2024-36110

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-79
View all →

Vulnerability Description

ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 (0.0.21.post2 on pypi). Users are advised to upgrade. There are no known workarounds for these issues.

Related Vulnerabilities

CVE-2016-8356

HIGH
CVSS:8.2(High)

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabiliti...

CWE-792016

CVE-2017-2683

HIGH
CVSS:8.2(High)

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining...

CWE-792017

CVE-2018-20850

HIGH
CVSS:8.2(High)

Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.

CWE-792018

CVE-2019-18426

HIGH
CVSS:8.2(High)

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnera...

CWE-792019

CVE-2020-14582

HIGH
CVSS:8.2(High)

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Registration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulne...

CWE-792020

CVE-2020-14584

HIGH
CVSS:8.2(High)

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable ...

CWE-792020