CVE-2024-49503

Summary

A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.

Affected Software

VendorProductVersion RangeStatus
SUSEContainer suse/manager/5.0/x86_64/server:5.0.2.7.8.1? < 5.0.15-150600.3.10.2affected
SUSESUSE Manager Server Module 4.3? < 4.3.42-150400.3.52.1affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References