CVE-2015-1368

Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ansible:tower:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-01-27 20:04

Updated : 2024-02-04 18:35


NVD link : CVE-2015-1368

Mitre link : CVE-2015-1368

CVE.ORG link : CVE-2015-1368


JSON object : View

Products Affected

ansible

  • tower
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')