Cross-Site Scripting Vulnerability in SUSE Studio Onsite and Extension for System z
CVE-2011-4193

Currently unrated

Key Information:

Vendor
Suse
Status
Studio Extension For System Z
Studio Onsite
Vendor
CVE Published:
16 April 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the overlay files tab of SUSE Studio Onsite and SUSE Studio Extension for System z, specifically in versions prior to 1.2.1. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML via maliciously crafted applications during the cloning process. If exploited, this could lead to unauthorized actions on behalf of users and potential data exposure, making it critical for users to apply the necessary updates to mitigate these risks.

References

http://lists.opensuse.org/opensuse-security-announce/2011...
vendor-advisoryx_refsource_SUSE

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.