XSS Vulnerability in SUSE Manager Server Products
CVE-2025-23392

5.6MEDIUM

Key Information:

Vendor

Suse
Status
Container Suse/manager/5.0/x86 64/server:5.0.4.7.19.1
Suse Manager Server Module 4.3
Vendor
CVE Published:
26 May 2025

What is CVE-2025-23392?

An improper neutralization of script-related HTML tags vulnerability exists in SUSE Manager Server products, which could allow an attacker to execute arbitrary JavaScript code on target systems. This issue affects specific container versions prior to 5.0.24-150600.3.25.1 and the SUSE Manager Server Module 4.3 versions prior to 4.3.85-150400.3.105.3, potentially compromising the security of affected deployments.

Affected Version(s)

Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 ? < 5.0.24-150600.3.25.1

Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 ? < 5.0.24-150600.3.25.1

Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 ? < 5.0.24-150600.3.25.1

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23392

CVSS V4

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

https://github.com/unix-geek
.
CVE-2025-23392 : XSS Vulnerability in SUSE Manager Server Products