We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4.
Reserved 2024-11-06 | Published 2025-04-16 | Updated 2025-04-18 | Assigner suseCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
This issue was identified and reported by Bhavin Makwana from Workday’s Cyber Defence Team
bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52281
github.com/...ancher/security/advisories/GHSA-2v2w-8v8c-wcm9
Support options