PT-2026-52630 · Red Hat · Pen Drive Powered By Red Hat Lightspeed

Jon Weiser

Publicado

2026-06-25

Atualizado

2026-06-26

CVE-2026-13083

CVSS v3.1

6.9

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-13083

PT-2026-52630 · Red Hat · Pen Drive Powered By Red Hat Lightspeed

CVE-2026-13083

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3