An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:NRed Hat Ansible Automation Controller
APPRedhat4.4< 4.3.11Red Hat Ansible Automation Platform
APPRedhat2.32.4Red Hat Ansible Developer
APPRedhat1.0Red Hat Ansible Inside
APPRedhat1.1Red Hat Enterprise Linux
OSRedhat8.09.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
References
Related vulnerabilities
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...
CVE-2014-7169CRITICAL9.8⚠ KEVten sam produkt
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...
CVE-2014-6271CRITICAL9.8⚠ KEVten sam produkt
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...