Cross-Site Scripting (XSS) via inconsistent tag sanitization
Summary
Cross-Site Scripting (XSS) via inconsistent tag sanitization. Red Hat rates this moderate (CVSS 8.1). Weakness: CWE-79. Affected package(s): rhoai/odh-mod-arch-model-registry-rhel9:1780467147, devspaces/openvsx-rhel9:1779528224, cryostat/cryostat-openshift-console-plugin-rhel9:4.2.0, devspaces/code-rhel9:1779814592, rhoai/odh-dashboard-rhel9:1780467029, automation-platform-ui. Resolved in Red Hat advisory RHSA-2026:27872 — update the affected packages (`sudo dnf update`).
- rhoai/odh-mod-arch-model-registry-rhel9:1780467147
- devspaces/openvsx-rhel9:1779528224
- cryostat/cryostat-openshift-console-plugin-rhel9:4.2.0-10
- devspaces/code-rhel9:1779814592
- rhoai/odh-dashboard-rhel9:1780467029
- automation-platform-ui-0:2.6.10-1.el9ap
- rhdh/rhdh-hub-rhel9:1779841586
- container-native-virtualization/kubevirt-console-plugin-rhel9:1781807944
- openshift-service-mesh/kiali-ossmc-rhel8:1778191473
- container-native-virtualization/kubevirt-console-plugin-rhel9:1781821991
- dompurify
- cryostat/cryostat-rhel9:4.2.0-10
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- RHSA-2026:27872
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:27872 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.