An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1204741 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Nov 2022, 17:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:uyuni-project:uyuni:*:*:*:*:*:*:*:* cpe:2.3:a:suse:manager_server:*:*:*:*:*:*:*:* |
|
First Time |
Suse manager Server
Uyuni-project uyuni Suse Uyuni-project |
|
References | (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1204741 - Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
10 Nov 2022, 15:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-10 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-43754
Mitre link : CVE-2022-43754
CVE.ORG link : CVE-2022-43754
JSON object : View
Products Affected
uyuni-project
- uyuni
suse
- manager_server
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')