server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in "kontena master login --remote" code display, as demonstrated by /code#code= in a URI.
https://lgtm.com/projects/g/kontena/kontena/rev/06a7a06e65a5ef0dada14faee2ae20388b87c1fe
https://github.com/kontena/kontena/releases/tag/v1.5.0
https://github.com/kontena/kontena/pull/3223
Source: Mitre, NVD
Published: 2018-03-15
Updated: 2026-06-17
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: Medium
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.00264