CVE-2024-49503Cross-site Scripting in Container Suse Manager 5.0 X86 64 Server 5.0.2.7.8.1

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.0%
top 88.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse Container Suse Manager 5.0 X86 64 Server 5.0.2.7.8.1Suse Manager Server Module 4.3
Timeline
PublishedNov 28

Description

A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5suse/suse_manager_server_module_4.3?4.3.42-150400.3.52.1
CVEListV5suse/container_suse_manager_5.0_x86_64_server_5.0.2.7.8.1?5.0.15-150600.3.10.2

🔴Vulnerability Details

2
CVEList
Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web2024-11-28
GHSA
GHSA-966m-j2wr-w37h: A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execut2024-11-28
CVE-2024-49503 — Cross-site Scripting | cvebase