DescriptionCross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
- SUSE-SU-2011:0917-1, published Thu, 18 Aug 2011 09:08:24 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Studio Onsite 1.1 [Appliance - Studio]|| ||
SAT Patch Nr: 4998
Status of this issue by product and package
|SUSE Lifecycle Management Server 1.3||kiwi||Released|
|SUSE Linux Enterprise SDK 11 SP1||kiwi||Released|