Lucene search

RedhatCVE-2013-1871

HistoryFeb 14, 2014 - 3:55 p.m.

CVE-2013-1871

2014-02-1415:55:04

CWE-79

redhat

web.nvd.nist.gov

cve-2013-1871

cross-site scripting

xss

spacewalk

red hat network

rhn satellite 5.6

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

45.4%

JSON

Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.

Affected configurations

Nvd

Node

redhatsatelliteMatch5.6

VendorProductVersionCPE
redhatsatellite5.6cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	satellite	5.6	cpe:2.3:a:redhat:satellite:5.6:::::::*

References

osvdb.org/103211

rhn.redhat.com/errata/RHSA-2014-0148.html

secunia.com/advisories/56952

bugzilla.redhat.com/show_bug.cgi?id=923467

git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f

www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

45.4%

JSON

Related for CVE-2013-1871