Lucene search

K

[email protected]NVD:CVE-2012-6149

HistoryFeb 14, 2014 - 3:55 p.m.

CVE-2012-6149

2014-02-1415:55:04

CWE-79

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.9%

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.

Affected configurations

NVD

Node

redhatsatelliteMatch5.6

OR

redhatsatellite_5_managed_dbMatch5.6

OR

redhatspacewalk-javaMatch2.0.2-57

References

rhn.redhat.com/errata/RHSA-2014-0148.html

secunia.com/advisories/56952

bugzilla.redhat.com/show_bug.cgi?id=882000

git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f

git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85

www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.9%

Related for NVD:CVE-2012-6149

cvelist1 veracode4 prion1 cve1 redhat1 nessus1