MEDIUM🇬🇧 English

CVE-2025-5198

CVSS 5.0v3.1pub. 2025-05-27upd. 2025-07-30

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
  • Red Hat Advanced Cluster Security

    APP
    Redhat
    4.0
  • Stackrox

    APP
    Stackrox
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSSContainer
CWE
Referencje

Powiązane podatności

CVE-2022-1902HIGH8.8ten sam produkt

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly s...

CVE-2024-0406MEDIUM6.1ten sam produkt

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafte...

CVE-2023-48795MEDIUM5.9ten sam produkt

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, al...

CVE-2023-4958MEDIUM6.1ten sam produkt

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missin...

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)