CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
77.8%
Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse_swamp | * | cpe:2.3:a:novell:opensuse_swamp:*:*:*:*:*:*:*:* |
secunia.com/advisories/27390
swamp.svn.sourceforge.net/viewvc/swamp/trunk/swamp/webapps/webswamp/src/java/de/suse/swamp/modules/actions/LoginActions.java?r1=666&r2=700
www.osvdb.org/38203
www.securityfocus.com/archive/1/482733/100/0/threaded
www.securityfocus.com/bid/26198
exchange.xforce.ibmcloud.com/vulnerabilities/37399