Skip to main content

Migration Planner Ui

1 CVEs product

Monthly

CVE-2026-53473 MEDIUM This Month

Stored cross-site scripting in Red Hat's migration-planner-ui-app (kubev2v project) allows an authenticated attacker who can register a discovery agent to inject a javascript: URI into the agent's credentialUrl field, which executes in another organizational user's browser when they click the resulting link in the UI. No public exploit identified at time of analysis, but the upstream fix (PR #750) and Red Hat Bugzilla entry confirm the issue is real and patched via a safeExternalUrl protocol allowlist. Successful exploitation hijacks the victim's Red Hat SSO session and enables cross-tenant data access and API actions.

XSS Red Hat Migration Planner Ui
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting in Red Hat's migration-planner-ui-app (kubev2v project) allows an authenticated attacker who can register a discovery agent to inject a javascript: URI into the agent's credentialUrl field, which executes in another organizational user's browser when they click the resulting link in the UI. No public exploit identified at time of analysis, but the upstream fix (PR #750) and Red Hat Bugzilla entry confirm the issue is real and patched via a safeExternalUrl protocol allowlist. Successful exploitation hijacks the victim's Red Hat SSO session and enables cross-tenant data access and API actions.

XSS Red Hat Migration Planner Ui
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy