CVE-2025-23392

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-23392
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3.

5.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23392
Configurations

No configuration.

History

28 May 2025, 15:01

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de neutralización incorrecta de etiquetas HTML relacionadas con scripts en una página web (XSS básico) en spacewalk-java permite la ejecución de código Javascript arbitrario en los sistemas de destino. Este problema afecta a Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: desde ? anterior a 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: desde ? anterior a 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: desde ? anterior a 5.0.24-150600.3.25.1; Contenedor suse/manager/5.0/x86_64/server:5.0.4.7.19.1: desde ? anterior a 5.0.24-150600.3.25.1; SUSE Manager Server Module 4.3: desde ? anterior a 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: desde ? anterior a 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: desde ? anterior a 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: desde ? anterior a 4.3.85-150400.3.105.3.

26 May 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-26 16:15

Updated : 2025-05-28 15:01

NVD link : CVE-2025-23392

Mitre link : CVE-2025-23392

CVE.ORG link : CVE-2025-23392

JSON object : View

Products Affected

No product.

CWE
CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)