Angel Olle

**Name of the Vulnerable Software and Affected Versions** Quay registry (affected versions not specified) **Description** A flaw was found in the Quay registry where image labels created through Quay undergo validation in the UI and backend using a regex, but the same validation is not performed when the label comes from an image. This allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.