Home > Vulnerability Database > CVE-2024-36110

Mend.io Vulnerability Database

CVE-2024-36110

Good to know:

Date: May 28, 2024

ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 (0.0.21.post2 on pypi). Users are advised to upgrade. There are no known workarounds for these issues.

Language: Python

Severity Score

8.2

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-36110

Url: https://github.com/ansibleguy/webui/files/15358522/Report.pdf

Url: https://github.com/ansibleguy/webui

Url: https://github.com/ansibleguy/webui/security/advisories/GHSA-927p-xrc2-x2gj

Url: https://github.com/ansibleguy/webui/commit/7737b47e7f7ddbfec7b1418c724598363718d522

Url: https://github.com/ansibleguy/webui/issues/44

Url: https://www.mend.io/vulnerability-database/CVE-2024-36110

Severity Score

8.2

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version ansibleguy-webui - 0.0.21

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-36110

Good to know:

Date: May 28, 2024

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?