CVE-2017-9332 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-9332 Interim 1 15 2022-09-25T00:19:20Z current 2021-05-30T13:57:11Z 2022-09-25T00:19:20Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-9332 The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE Linux Enterprise Workstation Extension 15 SP2 libmwaw libmwaw-0_3-3 libmwaw-0_3-3 as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 libmwaw as a component of SUSE Linux Enterprise Workstation Extension 15 SP2 The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. CVE-2017-9332 SUSE Linux Enterprise Workstation Extension 15 SP2:libmwaw SUSE Linux Enterprise Workstation Extension 15 SP2:libmwaw-0_3-3 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N