Description
A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions.
Published: 2026-06-10
Score: 7.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the Migration‑Planner UI App allows an attacker to register a discovery agent that uses a credentialUrl containing malicious JavaScript. When an organizational user clicks that link in the interface, the script runs in the user's browser context. Because the script executes with the privileges of the logged‑in user, it can hijack the Red Hat Single Sign‑On (SSO) session, leading to unauthorized access across tenants and the ability to perform privileged API actions. This is a stored Cross‑Site Scripting (CWE‑79) flaw.

Affected Systems

This flaw affects the Migration‑Planner UI App component. Specific version ranges are not listed in the advisory; users should verify if their deployment includes the issue and update to a fixed release once available.

Risk and Exploitability

The CVSS score of 7.3 indicates high severity, and while the EPSS score is not available, the flaw requires user interaction—the victim must click the link—to trigger the exploit. The attack can be performed by any attacker who can register a malicious discovery agent, meaning internal users or compromised accounts could pose a threat. Because the code runs in the victim’s browser session, it can steal SSO tokens and perform cross‑tenant data or API actions. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 10, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • When a vendor‑supplied patch for Migration‑Planner UI App becomes available, apply it.
  • If a patch is not yet available, enforce a strict Content Security Policy that disallows inline JavaScript and the javascript: scheme for links rendered by the application.
  • Restrict or audit the creation of discovery agents so that only trusted, sanitized URLs are accepted, and consider disabling the ability to register agents that use external URLs outside the trusted domain.

Generated by OpenCVE AI on June 10, 2026 at 16:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser session. This cross-site scripting (XSS) vulnerability allows the attacker to compromise the victim's Red Hat Single Sign-On (SSO) session, potentially leading to unauthorized cross-tenant data access and API actions.
Title Migration-planner-ui-app: stored xss via javascript: url in agent credential link
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-10T15:46:25.699Z

Reserved: 2026-06-09T17:03:29.627Z

Link: CVE-2026-53473

cve-icon Vulnrichment

Updated: 2026-06-10T15:46:21.629Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-10T15:16:41.820

Modified: 2026-06-10T19:24:04.320

Link: CVE-2026-53473

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T16:30:26Z

Weaknesses