Cross-Site Scripting Vulnerability in SUSE Manager for SUSE Linux Enterprise
CVE-2012-0414

Currently unrated

Key Information:

Vendor: Novell
Status: Suse Manager
Vendor: CVE Published:; 2 December 2013

Summary

A cross-site scripting vulnerability exists in the Spacewalk service of SUSE Manager, which affects the SUSE Linux Enterprise. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into the affected service using crafted image names, which could lead to unauthorized access and exploitation of user sessions.

References

https://bugzilla.novell.com/show_bug.cgi?id=761165

x_refsource_MISC

http://support.novell.com/docs/Readmes/InfoDocument/patch...

x_refsource_CONFIRM

https://support.novell.com/security/cve/CVE-2012-0414.html

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 2, 2013
Vulnerability Reserved
Jan 9, 2012