VDB

CVE-2025-23393

CVE-2025-23393 PUBLISHED CVSS 5.199999809265137 MEDIUM

A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in  spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager Server Module 4.3: from ? before 4.3.85-150400.3.105.3.

EPSS 0.25% · 48.6th percentile

Risk Scores

CVSS v3.1
5.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
EPSS Score
0.25%
48.6th percentile

Affected Products

VendorProductVersions
SUSEContainer suse/manager/5.0/x86_64/server:5.0.4.7.19.1*
SUSESUSE Manager Server Module 4.3?

Timeline

  • May 27, 2025 EPSS Score
  • May 27, 2025 Coalition ESS Score
  • May 27, 2025 CVE Published
  • May 27, 2025 PoC Published
  • May 27, 2025 PoC Published
  • May 27, 2025 PoC Published
  • May 28, 2025 Coalition ESS Score
  • Jun 7, 2025 EPSS Score
  • Jun 18, 2025 EPSS Score
  • Jun 29, 2025 EPSS Score
  • Jul 10, 2025 EPSS Score
  • Jul 21, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›