7.3
CVE-2026-53473
- EPSS 0.19%
- Veröffentlicht 10.06.2026 13:55:37
- Zuletzt bearbeitet 16.06.2026 14:29:10
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginMigration-planner-ui-app: stored xss via javascript: url in agent credential link
A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kubev2v ≫ Migration Planner Ui Version < 0.13.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.083 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| secalert@redhat.com | 7.3 | 2.1 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://access.redhat.com/security/cve/CVE-2026-53473
https://bugzilla.redhat.com/show_bug.cgi?id=2487107
https://github.com/kubev2v/migration-planner-ui-app/pull/750