← volver
CVE-2024-49502

Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web

CVSS 4.6 MEDIUMEPSS 0.3%CWE-79
A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
SUSE · Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1SUSE · SUSE Manager Server Module 4.3

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49502