Vulnerability Description
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects SUSE Rancher versions prior to 2.5.6.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | Rancher | < 2.5.6 |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1181852 (Issue Tracking, Vendor Advisory)
- https://github.com/rancher/rancher/issues/31583 (Issue Tracking, Third Party Advisory)
- https://github.com/rancher/rancher/releases/tag/v2.5.6 (Release Notes, Third Party Advisory)
FAQ
What is CVE-2021-25313?
CVE-2021-25313 is a vulnerability with a CVSS score of 7.1 (HIGH). An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: S...
How severe is CVE-2021-25313?
CVE-2021-25313 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-25313?
Check the references section above for vendor advisories and patch information. Affected products include: SUSE Rancher.