CVE-2022-43760 HIGH

CVE-2022-43760

Vendor Suse
Product Rancher
Weakness CWE-79 · XSS
Published June 1, 2023
Last update January 9, 2025
View on NVD All CVEs

CVSS base score

8.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

Key dates

02Disclosure timeline

June 1, 2023 CVE published
January 9, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-5535 e.nigma buttons <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-12379 Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget CVE-2023-20147 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities CVE-2025-9500 TablePress <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode_debug Parameter CVE-2024-7489 Forms for Mailchimp by Optin Cat <= 2.5.7 - Authenticated (Editor+) Stored Cross-Site Scripting via Form Color Parameters