CVE-2023-32193

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193
https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en la que se pueden explotar cross-site scripting (XSS) no autenticadas en el endpoint de la API pública de Norman. Esto puede llevar a que un atacante aproveche la vulnerabilidad para activar código JavaScript y ejecutar comandos de forma remota.

16 Oct 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-16 13:15

Updated : 2026-04-15 00:35

NVD link : CVE-2023-32193

Mitre link : CVE-2023-32193

CVE.ORG link : CVE-2023-32193

JSON object : View

Products Affected

No product.

CWE

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

8.3 /10