A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00059}

epss

{'score': 0.00048}


Fri, 07 Feb 2025 04:45:00 +0000

Type Values Removed Values Added
References

Tue, 24 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Dec 2024 03:30:00 +0000

Type Values Removed Values Added
Description A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code
Title Koji: escape html tag characters in the query string
Weaknesses CWE-116
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T21:00:59.012Z

Reserved: 2024-10-02T02:30:27.642Z

Link: CVE-2024-9427

cve-icon Vulnrichment

Updated: 2024-12-24T15:43:11.707Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-12-24T04:15:07.360

Modified: 2025-02-07T05:15:12.130

Link: CVE-2024-9427

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.