1 results (0.003 seconds)

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. Se ha identificado una vulnerabilidad en la que se pueden explotar cross-site scripting (XSS) no autenticadas en el endpoint de la API pública de Norman. Esto puede llevar a que un atacante aproveche la vulnerabilidad para activar código JavaScript y ejecutar comandos de forma remota. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193 https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •