XSS in Suse Linux Enterprise Module For Manager Server 4.2
CVE-2022-43754
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (48.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 2.6 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N.
Affected products
- Suse Linux Enterprise Module For Manager Server 4.2 — versions hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls
- Suse Linux Enterprise Module For Manager Server 4.3 — versions spacewalk-java
- Suse Manager Server 4.2 — versions release-notes-susemanager
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2022-43754?
- CVE-2022-43754 is a low-severity vulnerability in Suse Linux Enterprise Module For Manager Server 4.2, classified under Cross-site Scripting. CVSS score: 2.6/10. Published 2022-11-10.
- How severe is CVE-2022-43754?
- Low severity. CVSS v3 base score is 2.6 out of 10.