Description
ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. The injected elements are returned to the user after executing job actions and are thus evaluated by the browser. These issues have been addressed in version 0.0.21 (0.0.21.post2 on PyPI). Users are advised to upgrade. There are no known workarounds for these issues.
References (4)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/ansibleguy/webui/security/advisories/GHSA-927p-xrc2-x2gj
Issue Tracking x_refsource_misc
https://github.com/ansibleguy/webui/issues/44
Patch x_refsource_misc
https://github.com/ansibleguy/webui/commit/7737b47e7f7ddbfec7b1418c724598363718d522
Various Sources x_refsource_misc
https://github.com/ansibleguy/webui/files/15358522/Report.pdf
Scores
CVSS v3
8.2
EPSS
0.0025
EPSS Percentile
48.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (2)
ansibleguy/webui
< 0.0.21
pypi/ansibleguy-webui
0 - 0.0.21 (PyPI)
Published
May 28, 2024
Tracked Since
Feb 18, 2026