CVE-2024-9427
5.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
Koji: escape html tag characters in the query string
A vulnerability in Koji was found. An unsanitized input allows for an XSS attack: JavaScript code from a malicious link could be reflected in the resulting web page. An attacker is not expected to be able to submit an action or make a change in Koji, due to existing XSS protections in the code.
References
- RHBZ#2316047 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-9427 x_refsource_REDHAT vdb-entry
Affected products
koji
- <1.35.1
Matching in nixpkgs
pkgs.haskellPackages.koji
Koji buildsystem XML-RPC API bindings
- nixos-unstable -
- nixpkgs-unstable 0.0.2
Package maintainers
- @ByteSudoer ByteSudoer <bytesudoer@gmail.com>
- @WeetHet WeetHet