{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2011-2226","title":"Title"},{"category":"description","text":"Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2011-2226","url":"https://www.suse.com/security/cve/CVE-2011-2226"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for SUSE-SU-2011:0917-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I57VT5F524VIYHTZ7FTSO52PZYETABZI/#I57VT5F524VIYHTZ7FTSO52PZYETABZI"},{"category":"external","summary":"Advisory link for SUSE-SU-2011:1324-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AFPYNKHCHHUNVIQ5CZZPJACWKTI4OAO5/#AFPYNKHCHHUNVIQ5CZZPJACWKTI4OAO5"}],"title":"SUSE CVE CVE-2011-2226","tracking":{"current_release_date":"2025-04-25T13:49:58Z","generator":{"date":"2023-02-15T05:52:53Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2011-2226","initial_release_date":"2023-02-15T05:52:53Z","revision_history":[{"date":"2023-02-15T05:52:53Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:05:43Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:30:28Z","number":"4","summary":"Current version"},{"date":"2024-10-14T07:18:11Z","number":"5","summary":"Current version"},{"date":"2025-03-14T07:47:26Z","number":"6","summary":"Current version"},{"date":"2025-03-16T14:19:06Z","number":"7","summary":"Current version"},{"date":"2025-04-25T13:49:58Z","number":"8","summary":"Current version"}],"status":"interim","version":"8"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Studio Onsite 1.3","product":{"name":"SUSE Studio Onsite 1.3","product_id":"SUSE Studio Onsite 1.3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-studioonsite:1.3"}}},{"category":"product_name","name":"SUSE Studio Onsite Runner 1.2","product":{"name":"SUSE Studio Onsite Runner 1.2","product_id":"SUSE Studio Onsite Runner 1.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-studio-onsite-runner:1.2"}}},{"category":"product_version","name":"kiwi4-4.85.1-0.22.9","product":{"name":"kiwi4-4.85.1-0.22.9","product_id":"kiwi4-4.85.1-0.22.9","product_identification_helper":{"purl":"pkg:rpm/suse/kiwi4@4.85.1-0.22.9?upstream=kiwi4-4.85.1-0.22.9.src.rpm"}}},{"category":"product_version","name":"kiwi4-desc-oemboot-4.85.1-0.22.9","product":{"name":"kiwi4-desc-oemboot-4.85.1-0.22.9","product_id":"kiwi4-desc-oemboot-4.85.1-0.22.9","product_identification_helper":{"purl":"pkg:rpm/suse/kiwi4-desc-oemboot@4.85.1-0.22.9?upstream=kiwi4-4.85.1-0.22.9.src.rpm"}}},{"category":"product_version","name":"kiwi4-desc-vmxboot-4.85.1-0.22.9","product":{"name":"kiwi4-desc-vmxboot-4.85.1-0.22.9","product_id":"kiwi4-desc-vmxboot-4.85.1-0.22.9","product_identification_helper":{"purl":"pkg:rpm/suse/kiwi4-desc-vmxboot@4.85.1-0.22.9?upstream=kiwi4-4.85.1-0.22.9.src.rpm"}}},{"category":"product_version","name":"kiwi4-tools-4.85.1-0.22.9","product":{"name":"kiwi4-tools-4.85.1-0.22.9","product_id":"kiwi4-tools-4.85.1-0.22.9","product_identification_helper":{"purl":"pkg:rpm/suse/kiwi4-tools@4.85.1-0.22.9?upstream=kiwi4-4.85.1-0.22.9.src.rpm"}}},{"category":"product_version","name":"susestudio","product":{"name":"susestudio","product_id":"susestudio","product_identification_helper":{"cpe":"cpe:2.3:a:suse:studio_onsite:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/susestudio@?upstream=susestudio.src.rpm"}}},{"category":"product_version","name":"susestudio-1.2.1-0.26.1","product":{"name":"susestudio-1.2.1-0.26.1","product_id":"susestudio-1.2.1-0.26.1","product_identification_helper":{"cpe":"cpe:2.3:a:suse:studio_onsite:1.2.1:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/susestudio@1.2.1-0.26.1?upstream=susestudio-1.2.1-0.26.1.src.rpm"}}},{"category":"product_version","name":"susestudio-bundled-packages","product":{"name":"susestudio-bundled-packages","product_id":"susestudio-bundled-packages","product_identification_helper":{"cpe":"cpe:2.3:a:suse:studio_onsite:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/susestudio-bundled-packages@?upstream=susestudio.src.rpm"}}},{"category":"product_version","name":"susestudio-common","product":{"name":"susestudio-common","product_id":"susestudio-common","product_identification_helper":{"cpe":"cpe:2.3:a:suse:studio_onsite:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/susestudio-common@?upstream=susestudio.src.rpm"}}},{"category":"product_version","name":"susestudio-common-1.2.1-0.26.1","product":{"name":"susestudio-common-1.2.1-0.26.1","product_id":"susestudio-common-1.2.1-0.26.1","product_identification_helper":{"cpe":"cpe:2.3:a:suse:studio_onsite:1.2.1:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/susestudio-common@1.2.1-0.26.1?upstream=susestudio-1.2.1-0.26.1.src.rpm"}}},{"category":"product_version","name":"susestudio-image-helpers-1.2.1-0.3.3","product":{"name":"susestudio-image-helpers-1.2.1-0.3.3","product_id":"susestudio-image-helpers-1.2.1-0.3.3","product_identification_helper":{"purl":"pkg:rpm/suse/susestudio-image-helpers@1.2.1-0.3.3?upstream=susestudio-image-helpers-1.2.1-0.3.3.src.rpm"}}},{"category":"product_version","name":"susestudio-runner","product":{"name":"susestudio-runner","product_id":"susestudio-runner","product_identification_helper":{"cpe":"cpe:2.3:a:suse:studio_onsite:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/susestudio-runner@?upstream=susestudio.src.rpm"}}},{"category":"product_version","name":"susestudio-runner-1.2.1-0.26.1","product":{"name":"susestudio-runner-1.2.1-0.26.1","product_id":"susestudio-runner-1.2.1-0.26.1","product_identification_helper":{"cpe":"cpe:2.3:a:suse:studio_onsite:1.2.1:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/susestudio-runner@1.2.1-0.26.1?upstream=susestudio-1.2.1-0.26.1.src.rpm"}}},{"category":"product_version","name":"susestudio-sid","product":{"name":"susestudio-sid","product_id":"susestudio-sid","product_identification_helper":{"cpe":"cpe:2.3:a:suse:studio_onsite:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/susestudio-sid@?upstream=susestudio.src.rpm"}}},{"category":"product_version","name":"susestudio-ui-server","product":{"name":"susestudio-ui-server","product_id":"susestudio-ui-server","product_identification_helper":{"cpe":"cpe:2.3:a:suse:studio_onsite:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/susestudio-ui-server@?upstream=susestudio.src.rpm"}}},{"category":"product_version","name":"susestudio-ui-server-1.2.1-0.26.1","product":{"name":"susestudio-ui-server-1.2.1-0.26.1","product_id":"susestudio-ui-server-1.2.1-0.26.1","product_identification_helper":{"cpe":"cpe:2.3:a:suse:studio_onsite:1.2.1:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/susestudio-ui-server@1.2.1-0.26.1?upstream=susestudio-1.2.1-0.26.1.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kiwi4-4.85.1-0.22.9 as component of SUSE Studio Onsite Runner 1.2","product_id":"SUSE Studio Onsite Runner 1.2:kiwi4-4.85.1-0.22.9"},"product_reference":"kiwi4-4.85.1-0.22.9","relates_to_product_reference":"SUSE Studio Onsite Runner 1.2"},{"category":"default_component_of","full_product_name":{"name":"kiwi4-desc-oemboot-4.85.1-0.22.9 as component of SUSE Studio Onsite Runner 1.2","product_id":"SUSE Studio Onsite Runner 1.2:kiwi4-desc-oemboot-4.85.1-0.22.9"},"product_reference":"kiwi4-desc-oemboot-4.85.1-0.22.9","relates_to_product_reference":"SUSE Studio Onsite Runner 1.2"},{"category":"default_component_of","full_product_name":{"name":"kiwi4-desc-vmxboot-4.85.1-0.22.9 as component of SUSE Studio Onsite Runner 1.2","product_id":"SUSE Studio Onsite Runner 1.2:kiwi4-desc-vmxboot-4.85.1-0.22.9"},"product_reference":"kiwi4-desc-vmxboot-4.85.1-0.22.9","relates_to_product_reference":"SUSE Studio Onsite Runner 1.2"},{"category":"default_component_of","full_product_name":{"name":"kiwi4-tools-4.85.1-0.22.9 as component of SUSE Studio Onsite Runner 1.2","product_id":"SUSE Studio Onsite Runner 1.2:kiwi4-tools-4.85.1-0.22.9"},"product_reference":"kiwi4-tools-4.85.1-0.22.9","relates_to_product_reference":"SUSE Studio Onsite Runner 1.2"},{"category":"default_component_of","full_product_name":{"name":"susestudio-1.2.1-0.26.1 as component of SUSE Studio Onsite Runner 1.2","product_id":"SUSE Studio Onsite Runner 1.2:susestudio-1.2.1-0.26.1"},"product_reference":"susestudio-1.2.1-0.26.1","relates_to_product_reference":"SUSE Studio Onsite Runner 1.2"},{"category":"default_component_of","full_product_name":{"name":"susestudio-common-1.2.1-0.26.1 as component of SUSE Studio Onsite Runner 1.2","product_id":"SUSE Studio Onsite Runner 1.2:susestudio-common-1.2.1-0.26.1"},"product_reference":"susestudio-common-1.2.1-0.26.1","relates_to_product_reference":"SUSE Studio Onsite Runner 1.2"},{"category":"default_component_of","full_product_name":{"name":"susestudio-image-helpers-1.2.1-0.3.3 as component of SUSE Studio Onsite Runner 1.2","product_id":"SUSE Studio Onsite Runner 1.2:susestudio-image-helpers-1.2.1-0.3.3"},"product_reference":"susestudio-image-helpers-1.2.1-0.3.3","relates_to_product_reference":"SUSE Studio Onsite Runner 1.2"},{"category":"default_component_of","full_product_name":{"name":"susestudio-runner-1.2.1-0.26.1 as component of SUSE Studio Onsite Runner 1.2","product_id":"SUSE Studio Onsite Runner 1.2:susestudio-runner-1.2.1-0.26.1"},"product_reference":"susestudio-runner-1.2.1-0.26.1","relates_to_product_reference":"SUSE Studio Onsite Runner 1.2"},{"category":"default_component_of","full_product_name":{"name":"susestudio-ui-server-1.2.1-0.26.1 as component of SUSE Studio Onsite Runner 1.2","product_id":"SUSE Studio Onsite Runner 1.2:susestudio-ui-server-1.2.1-0.26.1"},"product_reference":"susestudio-ui-server-1.2.1-0.26.1","relates_to_product_reference":"SUSE Studio Onsite Runner 1.2"},{"category":"default_component_of","full_product_name":{"name":"susestudio as component of SUSE Studio Onsite 1.3","product_id":"SUSE Studio Onsite 1.3:susestudio"},"product_reference":"susestudio","relates_to_product_reference":"SUSE Studio Onsite 1.3"},{"category":"default_component_of","full_product_name":{"name":"susestudio-bundled-packages as component of SUSE Studio Onsite 1.3","product_id":"SUSE Studio Onsite 1.3:susestudio-bundled-packages"},"product_reference":"susestudio-bundled-packages","relates_to_product_reference":"SUSE Studio Onsite 1.3"},{"category":"default_component_of","full_product_name":{"name":"susestudio-common as component of SUSE Studio Onsite 1.3","product_id":"SUSE Studio Onsite 1.3:susestudio-common"},"product_reference":"susestudio-common","relates_to_product_reference":"SUSE Studio Onsite 1.3"},{"category":"default_component_of","full_product_name":{"name":"susestudio-runner as component of SUSE Studio Onsite 1.3","product_id":"SUSE Studio Onsite 1.3:susestudio-runner"},"product_reference":"susestudio-runner","relates_to_product_reference":"SUSE Studio Onsite 1.3"},{"category":"default_component_of","full_product_name":{"name":"susestudio-sid as component of SUSE Studio Onsite 1.3","product_id":"SUSE Studio Onsite 1.3:susestudio-sid"},"product_reference":"susestudio-sid","relates_to_product_reference":"SUSE Studio Onsite 1.3"},{"category":"default_component_of","full_product_name":{"name":"susestudio-ui-server as component of SUSE Studio Onsite 1.3","product_id":"SUSE Studio Onsite 1.3:susestudio-ui-server"},"product_reference":"susestudio-ui-server","relates_to_product_reference":"SUSE Studio Onsite 1.3"}]},"vulnerabilities":[{"cve":"CVE-2011-2226","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2011-2226"}],"notes":[{"category":"general","text":"Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing.","title":"CVE description"}],"product_status":{"known_affected":["SUSE Studio Onsite 1.3:susestudio","SUSE Studio Onsite 1.3:susestudio-bundled-packages","SUSE Studio Onsite 1.3:susestudio-common","SUSE Studio Onsite 1.3:susestudio-runner","SUSE Studio Onsite 1.3:susestudio-sid","SUSE Studio Onsite 1.3:susestudio-ui-server"],"recommended":["SUSE Studio Onsite Runner 1.2:kiwi4-4.85.1-0.22.9","SUSE Studio Onsite Runner 1.2:kiwi4-desc-oemboot-4.85.1-0.22.9","SUSE Studio Onsite Runner 1.2:kiwi4-desc-vmxboot-4.85.1-0.22.9","SUSE Studio Onsite Runner 1.2:kiwi4-tools-4.85.1-0.22.9","SUSE Studio Onsite Runner 1.2:susestudio-1.2.1-0.26.1","SUSE Studio Onsite Runner 1.2:susestudio-common-1.2.1-0.26.1","SUSE Studio Onsite Runner 1.2:susestudio-image-helpers-1.2.1-0.3.3","SUSE Studio Onsite Runner 1.2:susestudio-runner-1.2.1-0.26.1","SUSE Studio Onsite Runner 1.2:susestudio-ui-server-1.2.1-0.26.1"]},"references":[{"category":"external","summary":"CVE-2011-2226","url":"https://www.suse.com/security/cve/CVE-2011-2226"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for SUSE-SU-2011:0917-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I57VT5F524VIYHTZ7FTSO52PZYETABZI/#I57VT5F524VIYHTZ7FTSO52PZYETABZI"},{"category":"external","summary":"Advisory link for SUSE-SU-2011:1324-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AFPYNKHCHHUNVIQ5CZZPJACWKTI4OAO5/#AFPYNKHCHHUNVIQ5CZZPJACWKTI4OAO5"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Studio Onsite Runner 1.2:kiwi4-4.85.1-0.22.9","SUSE Studio Onsite Runner 1.2:kiwi4-desc-oemboot-4.85.1-0.22.9","SUSE Studio Onsite Runner 1.2:kiwi4-desc-vmxboot-4.85.1-0.22.9","SUSE Studio Onsite Runner 1.2:kiwi4-tools-4.85.1-0.22.9","SUSE Studio Onsite Runner 1.2:susestudio-1.2.1-0.26.1","SUSE Studio Onsite Runner 1.2:susestudio-common-1.2.1-0.26.1","SUSE Studio Onsite Runner 1.2:susestudio-image-helpers-1.2.1-0.3.3","SUSE Studio Onsite Runner 1.2:susestudio-runner-1.2.1-0.26.1","SUSE Studio Onsite Runner 1.2:susestudio-ui-server-1.2.1-0.26.1"]}],"threats":[{"category":"impact","date":"2013-06-28T06:04:17Z","details":"moderate"}],"title":"CVE-2011-2226"}]}