CVE-2025-23392 MEDIUM

CVE-2025-23392: Reflected XSS in SystemsController.java in spacewalk-java

Vendor Suse

Product Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1

Weakness CWE-80 · XSS · basic

Published May 26, 2025

Last update May 27, 2025

View on NVD All CVEs

CVSS base score

5.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

Description

A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3.

Key dates

Disclosure timeline

May 26, 2025 CVE published

May 27, 2025 Record updated

Identifiers

CVE CVE-2025-23392

CWE CWE-80

CVSS 5.2 / MEDIUM

Affected versions

Vendor Suse

Product Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1

Affected ≥ ? and < 5.0.24-150600.3.25.1

Vendor Suse

Product Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1

Affected ≥ ? and < 5.0.24-150600.3.25.1

Vendor Suse

Product Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1

Affected ≥ ? and < 5.0.24-150600.3.25.1

Vendor Suse

Product Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1

Affected ≥ ? and < 5.0.24-150600.3.25.1

Vendor Suse

Product SUSE Manager Server Module 4.3

Affected ≥ ? and < 4.3.85-150400.3.105.3

Vendor Suse

Product SUSE Manager Server Module 4.3

Affected ≥ ? and < 4.3.85-150400.3.105.3

Vendor Suse

Product SUSE Manager Server Module 4.3

Affected ≥ ? and < 4.3.85-150400.3.105.3

Vendor Suse

Product SUSE Manager Server Module 4.3

Affected ≥ ? and < 4.3.85-150400.3.105.3