CVE-2019-11881

MEDIUM

Rancher < 2.2.4 - Cross-Site Scripting via Login Error Message

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-11881. PoCs published by MauroEldritch.

AI-analyzed exploit summary: This repository contains a functional Ruby script that exploits CVE-2019-11881, a web parameter tampering vulnerability in Rancher 2.1.4. The script encodes a user-provided message and injects it into the login error message parameter, demonstrating the vulnerability.

Description

A vulnerability exists in Rancher before 2.2.4 in the login component, where the errorMsg parameter can be tampered with to display arbitrary content; tags are filtered, but special characters and symbols are not. There is no other limitation on the message, allowing malicious users to lure legitimate users to phishing sites with scare tactics, e.g., displaying a "This version of Rancher is outdated, please visit https://malicious.rancher.site/upgrading" message.

Exploits (1)

nomisec · WORKING POC · 3 stars
by MauroEldritch · poc
https://github.com/MauroEldritch/VanCleef


Classification: Working PoC (95%)
Attack type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Rancher 2.1.4
Authentication: none needed
Prerequisites: Access to the Rancher web interface
Analyzed by devstral-2 on Feb 18, 2026

Scores

CVSS v3: 4.7
EPSS: 0.0525
EPSS percentile: 90.2%
Attack vector: NETWORK
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Details

Status: published
Products (2):
- rancher/rancher 0Go
- suse/rancher 2.1.4
Published: Jun 10, 2019
Tracked since: Feb 18, 2026