OSV:GHSA-MHHC-R88H-2QRM
May 14, 2022 - 1:03 a.m.

katello Cross-site Scripting vulnerability

Google, osv.dev

EPSS: 0.001 (Low), percentile 23.9%

A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create or edit organizations and locations can execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher-privileged users. Versions before 3.9.0 are vulnerable.