Medium6.9Red Hat Linux Updated
stored XSS via unescaped cluster data in HTML report
CVE-2026-13083 Published Jun 23, 2026Updated by vendor Jun 23, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
stored XSS via unescaped cluster data in HTML report. Red Hat rates this moderate (CVSS 6.9). Weakness: CWE-79.
Mitigation checklist
Recommended fix / mitigation
- The following practices would help for avoiding exposure and mitigate this flaw: - Upgrade Pen Drive to version 1.0.0-2 or later, which reportedly contains the fix. - Until upgraded, review HTML reports generated by Pen Drive before opening them in a browser, or open them in a sandboxed browser environment. - If using must-gather archives from untrusted sources, validate the archive content before feeding it to Pen Drive. - Consider opening Pen Drive reports with JavaScript disabled in the browser.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.