PT-2025-22644 · Suse · Spacewalk-Java

Published: 2025-04-16 · Updated: 2025-07-23 · CVE-2025-23392

CVSS v3.1: 5.2 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

spacewalk-java versions prior to 4.3.85-150400.3.105.3
spacewalk-java versions prior to 5.0.24-150600.3.25.1

Description

An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary JavaScript code on target systems. This issue affects SUSE Manager Server Module and Container suse/manager. The vulnerability can be exploited by filtering user input in the systems list page.

Recommendations

For versions prior to 4.3.85-150400.3.105.3, update to version 4.3.85-150400.3.105.3 or later. For versions prior to 5.0.24-150600.3.25.1, update to version 5.0.24-150600.3.25.1 or later. As a temporary workaround, consider filtering user input in the systems list page to prevent arbitrary JavaScript code execution.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-23392
SUSE-SU-2025:02475-1
SUSE-SU-2025:02476-1
SUSE-SU-2025:1321-1

Affected Products

Spacewalk-Java