Stored XSS Vulnerability in Rancher by SUSE
CVE-2024-52281

8.9HIGH

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 16 April 2025

Summary

A vulnerability in SUSE Rancher allows an attacker to exploit improper input validation in the cluster description field, leading to stored cross-site scripting (XSS). This flaw can be exploited to inject malicious scripts, affecting the integrity and security of web application users. Users of affected versions should apply the available patches promptly to mitigate potential security risks.

Affected Version(s)

rancher 2.9.0 < 2.9.4

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52281

https://github.com/rancher/rancher/security/advisories/GH...

CVSS V3.1

Score:

8.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Nov 6, 2024

Credit

This issue was identified and reported by Bhavin Makwana from Workday’s Cyber Defence Team