[//]: # (werk v2)
# Fix XSS in graph rendering
key | value
---------- | ---
date | 2024-04-04T14:24:50+00:00
version | 2.4.0b1
class | security
edition | cre
component | wato
level | 1
compatible | yes
Prior to this Werk a service name with html tags lead to cross site scripting in the graph
rendering.
We found this vulnerability internally.
**Affected Versions**:
Only 2.3.0 is affected, older versions are NOT affected.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 4.6 (Medium) with the following CVSS vector:
`CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N`.
We assigned CVE-2024-2380 to this vulnerability.
**Changes**:
This Werk changes the encoding engine to use our customized JSON encoder.
Show replies by date