Vulnerability CVE-2023-32193
Published: 2024-10-16

Description:
A vulnerability has been identified in which unauthenticated cross-site
scripting (XSS) in Norman's public API endpoint can be exploited. This
can lead to an attacker exploiting the vulnerability to trigger
JavaScript code and execute commands remotely.

Type:

CWE-80

 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))

 References:
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193
https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6
Copyright 2024, cxsecurity.com

 

Back to Top