We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely.
Reserved 2023-05-04 | Published 2024-10-16 | Updated 2024-10-16 | Assigner suseCWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page
https://github.com/diego95root
https://github.com/kujalamathias
bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32193
github.com/...norman/security/advisories/GHSA-r8f4-hv23-6qp6
Support options