CVE-2023-32193

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193
https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6

Configurations

No configuration.

History

No history.

Information

Published : 2024-10-16 13:15

Updated : 2024-10-16 16:38

NVD link : CVE-2023-32193

Mitre link : CVE-2023-32193

CVE.ORG link : CVE-2023-32193

JSON object : View

Products Affected

No product.

CWE

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

8.3 /10