An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: suse

Published: 2023-06-01T12:56:40.074Z

Updated: 2024-08-03T13:40:06.301Z

Reserved: 2022-10-26T06:52:18.766Z

Link: CVE-2022-43760

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-01T13:15:10.373

Modified: 2024-11-21T07:27:10.573

Link: CVE-2022-43760

cve-icon Redhat

No data.