CVE-2025-23392 — Vulnetix

CVE-2025-23392 PUBLISHED CVSS 5.199999809265137 MEDIUM

A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3.

EPSS 0.08% · 24.0th percentile

Risk Scores

CVSS v3.1

5.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

EPSS Score

0.08%

24.0th percentile

Affected Products

Vendor	Product	Versions
SUSE	SUSE Manager Server Module 4.3	?
SUSE	Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1	*
SUSE	SUSE Manager Server Module 4.3	*
SUSE	SUSE Manager Server Module 4.3	?
SUSE	Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1	?
SUSE	Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1	?
SUSE	SUSE Manager Server Module 4.3	?
SUSE	Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1	?

Timeline

May 26, 2025 CVE Published
May 26, 2025 PoC Published
May 26, 2025 PoC Published
May 26, 2025 PoC Published
May 27, 2025 EPSS Score
May 27, 2025 Coalition ESS Score
May 28, 2025 Coalition ESS Score
Jun 7, 2025 EPSS Score
Jun 18, 2025 EPSS Score
Jun 29, 2025 EPSS Score
Jul 10, 2025 EPSS Score
Jul 21, 2025 EPSS Score

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23392 url

Open in Interactive Console →