Cross-Site Scripting Vulnerability in SUSE Manager Server Products
CVE-2025-23393

5.6MEDIUM

Key Information:

Vendor: Suse
Status: Container Suse/manager/5.0/x86 64/server:5.0.4.7.19.1; Suse Manager Server Module 4.3
Vendor: CVE Published:; 27 May 2025

What is CVE-2025-23393?

An improper neutralization of script-related HTML tags in the SUSE Manager Server application allows an attacker to inject arbitrary JavaScript code. This type of Cross-Site Scripting (XSS) vulnerability poses a risk as it can lead to the execution of malicious code on user machines, potentially compromising sensitive data and user privacy. Users of affected versions need to update to secure their systems against this threat.

Affected Version(s)

Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 ? < 5.0.24-150600.3.25.1

SUSE Manager Server Module 4.3 ? < 4.3.85-150400.3.105.3

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23393

CVSS V4

Score:

5.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2025
Vulnerability Reserved
Jan 15, 2025

Suse

What is CVE-2025-23393?

Affected Version(s)

References

CVSS V4

Timeline