VYPR
Unrated severityNVD Advisory· Published Jul 24, 2023· Updated Nov 7, 2025

Quay: stored cross site scripting

CVE-2023-3384

Description

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Red Hat/Red Hat Quay 3v5
    cpe:/a:redhat:quay:3
  • Red Hat/Quayllm-fuzzy

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.