Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-32193

Good to know:

icon

Date: October 16, 2024

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identified as a Reflected XSS. Norman API propagates malicious payloads from user input to the UI, which renders the output. For example, a malicious URL gets rendered into a script that is executed on a page.

Language: Go

Severity Score

Related Resources (10)

https://github.com/rancher/norman/commit/bd13c653293b9b5e0b37e8a6ccd1c3277f4623ed
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193
https://github.com/rancher/norman
https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6
https://github.com/rancher/norman/commit/7b2b467995e6dfab6d4a5dee8dffc15033ae8269
https://github.com/rancher/norman/commit/cb54924f25c7666511a913cd41834299ef22dba4
https://github.com/rancher/norman/commit/3bb70b772b52297feac64f5fdeb1b13c06c37e39
https://github.com/rancher/norman/commit/a6a6cf5696088c32002953d36b75bdcc84f2399e
https://nvd.nist.gov/vuln/detail/CVE-2023-32193
https://www.mend.io/vulnerability-database/CVE-2023-32193

Severity Score

Weakness Type (CWE)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-80

Top Fix

icon

Upgrade Version

Upgrade to version github.com/rancher/norman - v0.0.0-20240207153100-3bb70b772b52

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): LOW

Do you need more information?

Contact Us