Primary

Context

Red Hat Stackrox Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Red Hat Stackrox. This issue arises when script code is inserted into a limited number of table cells. The vulnerability can be exploited if the script is embedded in the name of a Kubernetes 'Role' object applied to a secured cluster. This object may be used by a user with cluster access or through a compromised third-party product.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, create a Kubernetes 'Role' object and include script code in the role name. Apply this role to a secured cluster. The injected script will be executed, demonstrating the cross-site scripting vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

5.0

remediation

0.0

relevance

0.0

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

5.0

remediation

0.0

relevance

0.0

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Red Hat Stackrox Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Red Hat Advanced Cluster Security

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating