CVE-2023-32193 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-32193

CVE-2023-32193

October 16, 2024

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely.

Related Resources (9)

https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6

https://github.com/rancher/norman

https://nvd.nist.gov/vuln/detail/CVE-2023-32193

https://github.com/rancher/norman/commit/cb54924f25c7666511a913cd41834299ef22dba4

https://github.com/rancher/norman/commit/a6a6cf5696088c32002953d36b75bdcc84f2399e

https://github.com/rancher/norman/commit/bd13c653293b9b5e0b37e8a6ccd1c3277f4623ed

https://github.com/rancher/norman/commit/7b2b467995e6dfab6d4a5dee8dffc15033ae8269

https://github.com/rancher/norman/commit/3bb70b772b52297feac64f5fdeb1b13c06c37e39

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

8.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Weakness Type (CWE)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-80

EPSS

Base Score:

0.17

Products

Solutions

Resources

Company

Compare

Developer Tools