High severity8.9OSV Advisory· Published Apr 16, 2025· Updated Apr 15, 2026
CVE-2024-52281
CVE-2024-52281
Description
A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field. This issue affects rancher: from 2.9.0 before 2.9.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/rancher/rancherGo | >= 2.9.0, < 2.9.4 | 2.9.4 |
Affected products
5- ghsa-coords4 versionspkg:golang/github.com/rancher/rancherpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
>= 2.9.0, < 2.9.4+ 3 more
- (no CPE)range: >= 2.9.0, < 2.9.4
- (no CPE)range: < 0.0.20250128T150132-150000.1.29.1
- (no CPE)range: < 0.0.20250115T172141-1.1
- (no CPE)range: < 0.0.20250128T150132-150000.1.29.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.