CVE-2022-43760: Cross-site Scripting in Rancher

Severity: 8.4 HIGH (NVD)
EPSS: 1.4% (top 19.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 1 | Latest update Jun 6

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an adm

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.7 | Impact: 6.0

Affected Packages (3 packages)

CVEListV5 | suse/rancher | >= 2.6.0 | < 2.6.13 | +1
NVD | suse/rancher | 2.6.0 | 2.6.13 | +1
Go | github.com/rancher_rancher | 2.6.0 | 2.6.13 | +1

Vulnerability Details (3)

OSV | Rancher UI has multiple Cross-Site Scripting (XSS) issues | 2023-06-06
GHSA | Rancher UI has multiple Cross-Site Scripting (XSS) issues | 2023-06-06
CVEList | CVE-2022-43760: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-priv | 2023-06-01
CVE-2022-43760 — Cross-site Scripting in Suse Rancher | cvebase