You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
st2stanley
published
GHSA-w277-gpp9-g249Dec 5, 2022
Package
st2
(stackstorm)
Affected versions
<3.8.0
Patched versions
3.8.0
st2web
(stackstorm)
<3.8.0
3.8.0
Description
Impact
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.
Patches
Affected StackStorm versions: all prior v3.8.0.
The issue was fixed in StackStorm: v3.8.0.
Impact
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users.
Patches
Affected StackStorm versions: all prior
v3.8.0.The issue was fixed in StackStorm:
v3.8.0.References
Credits
This issue was discovered and reported to us by Mohamed Elgllad.