Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
CPE | Name | Operator | Version |
---|---|---|---|
satellite | eq | 5.6 | |
satellite | eq | 5.5 | |
satellite_with_embedded_oracle | eq | 5.5 | |
spacewalk-java | eq | 2.0.2 | |
manager | eq | 1.7 |