Cross-Site Scripting Vulnerability in Crowbar by SUSE
CVE-2012-3551
Currently unrated
Summary
A cross-site scripting (XSS) vulnerability exists in the support index view of the Crowbar framework. Remote attackers can inject arbitrary HTML or web script through a crafted file parameter sent to the /utils endpoint. If exploited, this could lead to unauthorized actions performed on behalf of the user or to access to sensitive information. Versions of Crowbar up to and including 1.4 are affected, and affected installations need prompt mitigation.