A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters.
This issue affects MirrorCache before 1.083.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49505 |
History
Thu, 14 Nov 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Opensuse
Opensuse mirrorcache |
|
CPEs | cpe:2.3:a:opensuse:mirrorcache:*:*:*:*:*:*:*:* | |
Vendors & Products |
Opensuse
Opensuse mirrorcache |
|
Metrics |
cvssV3_1
|
Wed, 13 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Suse
Suse opensuse Tumbleweed |
|
CPEs | cpe:2.3:a:suse:opensuse_tumbleweed:*:*:*:*:*:*:*:* | |
Vendors & Products |
Suse
Suse opensuse Tumbleweed |
|
Metrics |
ssvc
|
Wed, 13 Nov 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083. | |
Title | XSS vulnerability found in OpenSuse MirrorCache | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: suse
Published: 2024-11-13T14:21:00.317Z
Updated: 2024-11-13T18:38:11.311Z
Reserved: 2024-10-15T13:20:07.748Z
Link: CVE-2024-49505
Vulnrichment
Updated: 2024-11-13T18:38:03.835Z
NVD
Status : Analyzed
Published: 2024-11-13T15:15:07.860
Modified: 2024-11-14T15:13:09.100
Link: CVE-2024-49505
Redhat
No data.