Unrated severityNVD Advisory· Published Jan 27, 2015· Updated May 6, 2026

CVE-2015-1368

Description

Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/.

Affected products

Ansible/Tower
cpe:2.3:a:ansible:tower:*:*:*:*:*:*:*:*
Range: <=2.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/129944/Ansible-Tower-2.0.2-XSS-Privilege-Escalation-Authentication-Missing.htmlnvdExploit
www.exploit-db.com/exploits/35786nvdExploit
www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150113-1_Ansible-Tower_multiple-vulnerabilities_v10.txtnvdExploit
osvdb.org/show/osvdb/116961nvd
osvdb.org/show/osvdb/116962nvd
osvdb.org/show/osvdb/116963nvd
osvdb.org/show/osvdb/116964nvd
osvdb.org/show/osvdb/116965nvd
seclists.org/fulldisclosure/2015/Jan/52nvd
www.securityfocus.com/archive/1/534464/100/0/threadednvd
www.securityfocus.com/bid/72023nvd
exchange.xforce.ibmcloud.com/vulnerabilities/99924nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000