Vulnerability Details CVE-2022-43754
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.0%
CVSS Severity
CVSS v3 Score 2.6
References
Products affected by CVE-2022-43754
-
cpe:2.3:a:suse:manager_server:4.2
-
cpe:2.3:a:suse:manager_server:4.2.1
-
cpe:2.3:a:suse:manager_server:4.2.2
-
cpe:2.3:a:suse:manager_server:4.2.3
-
cpe:2.3:a:suse:manager_server:4.2.4
-
cpe:2.3:a:suse:manager_server:4.2.5
-
cpe:2.3:a:suse:manager_server:4.2.6
-
cpe:2.3:a:suse:manager_server:4.2.7
-
cpe:2.3:a:suse:manager_server:4.2.8
-
cpe:2.3:a:suse:manager_server:4.2.9
-
cpe:2.3:a:suse:manager_server:4.3
-
cpe:2.3:a:suse:manager_server:4.3.1
-
cpe:2.3:a:uyuni-project:uyuni:2020.01
-
cpe:2.3:a:uyuni-project:uyuni:2020.03
-
cpe:2.3:a:uyuni-project:uyuni:2020.04
-
cpe:2.3:a:uyuni-project:uyuni:2020.05
-
cpe:2.3:a:uyuni-project:uyuni:2020.06
-
cpe:2.3:a:uyuni-project:uyuni:2020.07
-
cpe:2.3:a:uyuni-project:uyuni:2020.09
-
cpe:2.3:a:uyuni-project:uyuni:2020.11
-
cpe:2.3:a:uyuni-project:uyuni:2021.01
-
cpe:2.3:a:uyuni-project:uyuni:2021.02
-
cpe:2.3:a:uyuni-project:uyuni:2021.04
-
cpe:2.3:a:uyuni-project:uyuni:2021.05
-
cpe:2.3:a:uyuni-project:uyuni:2021.06
-
cpe:2.3:a:uyuni-project:uyuni:2021.08
-
cpe:2.3:a:uyuni-project:uyuni:2021.09
-
cpe:2.3:a:uyuni-project:uyuni:2021.12
-
cpe:2.3:a:uyuni-project:uyuni:2022.01
-
cpe:2.3:a:uyuni-project:uyuni:2022.02
-
cpe:2.3:a:uyuni-project:uyuni:2022.03
-
cpe:2.3:a:uyuni-project:uyuni:2022.04
-
cpe:2.3:a:uyuni-project:uyuni:2022.05
-
cpe:2.3:a:uyuni-project:uyuni:2022.06
-
cpe:2.3:a:uyuni-project:uyuni:2022.08
-
cpe:2.3:a:uyuni-project:uyuni:4.0.0
-
cpe:2.3:a:uyuni-project:uyuni:4.0.1
-
cpe:2.3:a:uyuni-project:uyuni:4.0.2