{"id":"CVE-2021-25313","details":"An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6.","aliases":["GHSA-6m8r-jh89-rq7h"],"modified":"2026-05-18T17:52:07.745568Z","published":"2021-03-05T09:15:13.503Z","references":[{"type":"ADVISORY","url":"https://github.com/rancher/rancher/releases/tag/v2.5.6"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1181852"},{"type":"REPORT","url":"https://github.com/rancher/rancher/issues/31583"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rancher/rancher","events":[{"introduced":"0"},{"fixed":"65f7c844267bf7336a38ee6ea3e0e63af9e21274"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.5.6"}],"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*"}}],"versions":["v2.5.6-rc5","v2.5.6-rc8","v2.5.6-rc7","v2.5.6-rc6","v2.5.6-rc4","v2.5.6-rc3","v2.5.6-rc2","v2.5.6-rc1","v2.5.4-rc9","v2.5.4","v2.5.4-rc8","v2.4.0-rc9","v2.5.4-rc7","v2.5.4-rc6","v2.5.4-rc5","v2.5.4-rc4","v2.5.4-rc3","v2.5.4-rc2","v2.5.4-rc1","v2.5.2-rc10","v2.5.2","v2.5.2-rc9","v2.5.2-rc8","v2.5.2-rc7","v2.5.2-rc6","v2.5.2-rc5","v2.5.2-rc4","v2.5.2-rc3","v2.5.1-rc1","v2.5.1","v2.5.2-rc1","v2.5.2-rc2","v2.5.2-rc","v2.5.0-rc9","v2.5.0","v2.5.0-rc8","v2.5.0-rc7","v2.5.0-rc6","v2.5.0-rc5","v2.5.0-rc4","v2.5.0-rc3","v2.5.0-rc2","v2.5.0-rc1","v2.5.0-alpha5","v2.5.0-alpha4","v2.5.0-alpha3","v2.5.0-alpha2","v2.5.0-alpha1","v2.3.7-draft","v2.4.0-rc11","v2.4.0-rc10","v2.4.0-rc8","v2.4.0-rc7","v2.4.0-rc6","v2.4.0-rc5","v2.4.0-rc4","v2.4.0-rc3","v2.4.0-rc2","v2.4.0-rc1","v2.4.0-alpha1","v2.3.0-rc10","v2.3.0-rc9","v2.3.0-rc8","v2.3.0-rc7","v2.3.0-rc6","v2.3.0-rc5","v2.3.0-rc4","v2.3.0-rc3","v2.3.0-rc2","v2.3.0-rc1","v2.3.0-alpha7","v2.3.0-alpha6","v2.3.0-alpha5","v2.3.0-alpha4","v2.2.0-rc15","v2.2.0","v2.2.0-rc14"
,"v2.2.0-rc13","v2.2.0-rc12","v2.2.0-rc11","v2.2.0-rc10","v2.2.0-rc9","v2.2.0-rc8","v2.2.0-rc7","v2.2.0-rc6","v2.2.0-rc5","v2.2.0-rc4","v2.2.0-rc3","v2.2.0-rc2","v2.2.0-rc1","v2.1.0","v2.1.0-rc10","v2.1.0-rc9","v2.1.0-rc8","v2.1.0-rc7","v2.1.0-rc6","v2.1.0-rc5","v2.1.0-rc4","v2.1.0-rc3","v2.1.0-rc2","v2.1.0-rc1","v2.0.8-rc2","v2.0.7-rc6","v2.0.7","v2.0.7-rc5","v2.0.7-rc4","v2.0.7-rc3","v2.0.7-rc2","v2.0.7-rc1","v2.0.6-rc2","v2.0.6","v2.0.6-rc1","v2.0.5","v2.0.5-rc6","v2.0.5-rc5","v2.0.5-rc4","v2.0.5-rc3","v2.0.5-rc2","v2.0.5-rc1","v2.0.4-rc1","v2.0.4","v2.0.3-rc5","v2.0.3","v2.0.3-rc4","v2.0.3-rc3","v2.0.3-rc2","v2.0.3-rc1","v2.0.2-rc1","v2.0.2","v2.0.1","v2.0.1-rc6","v2.0.1-rc5","v2.0.1-rc4","v2.0.1-rc3","v2.0.1-rc2","v2.0.1-rc1","v2.0.0-rc5","v2.0.0","v2.0.0-rc4","v2.0.0-rc3","v2.0.0-rc2","v2.0.0-rc1","v2.0.0-beta4-rc4","v2.0.0-beta4","v2.0.0-beta4-rc3","v2.0.0-beta4-rc2","v2.0.0-beta4-rc1","v2.0.0-beta3-rc1","v2.0.0-beta3","v2.0.0-beta2","v2.0.0-beta1","v2.0.0-alpha28","v2.0.0-alpha27","v2.0.0-alpha26","v2.0.0-alpha25","v2.0.0-alpha24","v2.0.0-alpha22","v2.0.0-alpha23","v2.0.0-alpha21","v2.0.0-alpha20","v2.0.0-alpha19","v2.0.0-alpha18","v2.0.0-alpha17","v2.0.0-alpha14","v2.0.0-alpha12","v2.0.0-alpha11"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25313.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}