PT-2025-22971 · Suse+1 · Suse Manager Server Module+1
Published 2025-05-27 · Updated 2025-07-23 · CVE-2025-23393
CVSS v3.1: 5.2 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
spacewalk-java versions 5.0.4.7.19.1 through 5.0.24-150600.3.25.1
SUSE Manager Server Module 4.3 versions prior to 4.3.85-150400.3.105.3
Description
A vulnerability in spacewalk-java allows execution of arbitrary JavaScript code on users' machines due to improper neutralization of script-related HTML tags in a web page. This issue enables basic XSS attacks.
Recommendations
For versions 5.0.4.7.19.1 through 5.0.24-150600.3.25.1, update to version 5.0.24-150600.3.25.1 or later.
For SUSE Manager Server Module 4.3 versions prior to 4.3.85-150400.3.105.3, update to version 4.3.85-150400.3.105.3 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Suse Manager Server Module
Spacewalk-Java