CVE-2024-9427

MEDIUM 5.4

Koji: escape html tag characters in the query string

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code

CWE	CWE-116
Published	Dec 24, 2024
Last Updated	Aug 30, 2025

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new medium vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-9427 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2316047

Credits

Red Hat would like to thank James Taliaferro (Lawrence Livermore National Laboratory) for reporting this issue.