A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the  REGEX and P parameters. This issue affects MirrorCache before 1.083.
History

Thu, 14 Nov 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Opensuse
Opensuse mirrorcache
CPEs cpe:2.3:a:opensuse:mirrorcache:*:*:*:*:*:*:*:*
Vendors & Products Opensuse
Opensuse mirrorcache
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Wed, 13 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Suse
Suse opensuse Tumbleweed
CPEs cpe:2.3:a:suse:opensuse_tumbleweed:*:*:*:*:*:*:*:*
Vendors & Products Suse
Suse opensuse Tumbleweed
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 Nov 2024 14:30:00 +0000

Type Values Removed Values Added
Description A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the  REGEX and P parameters. This issue affects MirrorCache before 1.083.
Title XSS vulnerability found in OpenSuse MirrorCache
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: suse

Published: 2024-11-13T14:21:00.317Z

Updated: 2024-11-13T18:38:11.311Z

Reserved: 2024-10-15T13:20:07.748Z

Link: CVE-2024-49505

cve-icon Vulnrichment

Updated: 2024-11-13T18:38:03.835Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-13T15:15:07.860

Modified: 2024-11-14T15:13:09.100

Link: CVE-2024-49505

cve-icon Redhat

No data.