An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.
References
| Link | Resource |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1204741 | Issue Tracking Third Party Advisory |
| https://bugzilla.suse.com/show_bug.cgi?id=1204741 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:27
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.6 |
| References | () https://bugzilla.suse.com/show_bug.cgi?id=1204741 - Issue Tracking, Third Party Advisory |
Information
Published : 2022-11-10 15:15
Updated : 2024-11-21 07:27
NVD link : CVE-2022-43754
Mitre link : CVE-2022-43754
CVE.ORG link : CVE-2022-43754
JSON object : View
Products Affected
uyuni-project
- uyuni
suse
- manager_server
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')