GHSA-46v3-ggjg-qq3x · Severity: medium · Ecosystem: go — Rancher UI has multiple Cross-Site Scripting (XSS) issues
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
Conclusion & alert: CVE-2022-43760 is rated Moderate Risk (50.5/100): CVSS High severity, with low exploitation likelihood (EPSS 0.71%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.81% | 0.71% | -0.10% |
| 2 | 2026-06-09 | 1.35% | 0.81% | -0.54% |
| 3 | 2026-02-24 | — | 1.35% | — |
Full EPSS history (15 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.4 | 3.1 | HIGH |
|
1.7 | 6.0 | [email protected] |
| 8.4 | 3.1 | HIGH |
|
1.7 | 6.0 | [email protected] |
GHSA-46v3-ggjg-qq3x · Severity: medium · Ecosystem: go — Rancher UI has multiple Cross-Site Scripting (XSS) issues
| vendor | priority | summary | link |
|---|---|---|---|
suse
|
high | CVE-2022-43760 severity important: SUSE including 231 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 231 product×package rows across 1 product lines (chost): Known Affected 231. | https://www.suse.com/security/cve/CVE-2022-43760/ |
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-43760 | Issue Tracking Vendor Advisory |
| https://github.com/rancher/rancher/security/advisories/GHSA-46v3-ggjg-qq3x | Vendor Advisory |