CVE-2023-32193
HIGH
rancher/norman < 0.0.0-20240207153100-3bb70b772b52 - Unauthenticated Cross-Site Scripting via Public API Endpoint
Title source: llm
Description
An unauthenticated cross-site scripting (XSS) vulnerability has been identified in Norman's public API endpoint. An attacker can exploit it to trigger JavaScript code and execute commands remotely.
References (2)
Core References
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193
Scores
CVSS v3
8.3
EPSS
0.0023
EPSS Percentile
45.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-80
Status
published
Products (2)
rancher/norman
0 - 0.0.0-20240207153100-3bb70b772b52 (Go)
SUSE/norman
< 0.0.0-20240207153100-3bb70b772b52
Published
Oct 16, 2024
Tracked Since
Feb 18, 2026