CVE-2024-49502
CVSS 3.1 Score 3.5 of 10 (low)
Details
Summary
CVE-2024-49502 is a Cross-site Scripting (XSS) vulnerability impacting the Setup Wizard in SUSE Manager, specifically the HTTP Proxy credentials pane in versions before 5.0.15-150600.3.10.2 and SUSE Manager Server Module 4.3 before 4.3.42-150400.3.52.1. Attackers can exploit this issue by crafting malicious URLs and luring users into clicking them. Upon doing so, the attacker can inject malicious code into the user's web session, potentially stealing sensitive information or taking control of the session. This poses a significant risk to users, emphasizing the importance of prompt patching to mitigate the threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.