Upstream information

CVE-2011-4193 at MITRE

Description

Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Studio Onsite Runner 1.2
  • kiwi4 >= 4.85.1-0.22.9
  • kiwi4-desc-oemboot >= 4.85.1-0.22.9
  • kiwi4-desc-vmxboot >= 4.85.1-0.22.9
  • kiwi4-tools >= 4.85.1-0.22.9
  • susestudio >= 1.2.1-0.26.1
  • susestudio-common >= 1.2.1-0.26.1
  • susestudio-image-helpers >= 1.2.1-0.3.3
  • susestudio-runner >= 1.2.1-0.26.1
  • susestudio-ui-server >= 1.2.1-0.26.1
Patchnames:
slestso12-susestudio-201112