Cross-site Scripting (XSS)

github.com/rancher/apiserver is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the ParseRequestURL function within base.go constructing a URL from parts of the request without proper sanitization. This flaws allows an attacker to execute arbitrary JavaScript by sending a crafted payload to the public…Read More