CVE-2024-49502

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.6MEDIUM

EPSS

0.0%

top 88.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Container Suse/manager/5.0/x86 64/server:5.0.2.7.8.1 Suse Suse Manager Server Module 4.3

Timeline

PublishedNov 28

Description

A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5suse/suse_manager_server_module_4.3< 4.3.42-150400.3.52.1

▶CVEListV5suse/container_suse/manager/5.0/x86_64/server:5.0.2.7.8.1< 5.0.15-150600.3.10.2

🔴Vulnerability Details

GHSA

GHSA-gfm2-2cmr-j6jf: A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credential↗2024-11-28

▶

CVEList

Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web↗2024-11-28

▶