Description<!---->Prometheus Alertmanager is vulnerable to cross-site scripting due to improper validation of user-supplied input by the /api/v1/alerts endpoint. This issue could allow a remote malicious user to inject malicious script into a web page, which would be executed in a victim's web browser within the hosting website once the page is viewed, allow the malicious user to steal the victim's cookie-based authentication credentials.Prometheus Alertmanager is vulnerable to cross-site scripting due to improper validation of user-supplied input by the /api/v1/alerts endpoint. This issue could allow a remote malicious user to inject malicious script into a web page, which would be executed in a victim's web browser within the hosting website once the page is viewed, allow the malicious user to steal the victim's cookie-based authentication credentials.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
prometheus alertmanager 0.25.0 |
||
debian debian linux 10.0 |