Skip to main content

Rancher CVE-2021-25313

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-03-05 meissner@suse.de
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 05, 2021 - 09:15 nvd
MEDIUM 6.1

DescriptionNVD

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6.

AnalysisAI

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6. Affected products include: Suse Rancher. Version information: prior to 2.5.6..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-31247 CRITICAL POC
9.1 Sep 07

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role

CVE-2022-21951 MEDIUM POC
6.8 May 25

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network

CVE-2023-22651 CRITICAL
9.9 May 04

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. Rated critical severity (CVSS 9

CVE-2021-25320 CRITICAL
9.9 Jul 15

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by cr

CVE-2019-11202 CRITICAL
9.8 Jul 30

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, a

CVE-2026-44939 CRITICAL
9.4 Jun 19

{token}_{clusterId}.yaml. CVSS 4.0 rates this 9.4 (Critical) with a scope-changing impact on subsequent systems, but no

CVE-2026-44946 CRITICAL
9.5 Jun 30

SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a v

CVE-2026-41052 CRITICAL
9.4 Jun 29

Privilege escalation in SUSE Rancher (Kubernetes management platform) allows a user holding the Project Owner role to im

CVE-2017-7297 HIGH
8.8 Mar 29

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. Rated

CVE-2026-41053 HIGH
8.8 Jun 30

Privilege escalation in Rancher 2.13 (before 2.13.6) and 2.14 (before 2.14.2) lets any authenticated user gain principal

CVE-2023-22648 HIGH
8.8 Jun 01

A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected

CVE-2021-31999 HIGH
8.8 Jul 15

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as oth

Share

CVE-2021-25313 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy