Lucene search

K

PRIOn knowledge basePRION:CVE-2016-3079

HistoryApr 14, 2016 - 2:59 p.m.

Cross site scripting

2016-04-1414:59:00

PRIOn knowledge base

www.prio-n.com

6

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).

CPENameOperatorVersion
satelliteeq5.7

References

rhn.redhat.com/errata/RHSA-2016-0590.html

bugzilla.redhat.com/show_bug.cgi?id=1320444

bugzilla.redhat.com/show_bug.cgi?id=1320452

bugzilla.redhat.com/show_bug.cgi?id=1320940

github.com/spacewalkproject/spacewalk/commit/7920542f

github.com/spacewalkproject/spacewalk/commit/7b9ff9ad

github.com/spacewalkproject/spacewalk/commit/982b11c9

github.com/spacewalkproject/spacewalk/commit/b6491eba

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

Related for PRION:CVE-2016-3079

nvd2 veracode1 cve2 cvelist1 prion1 nessus1 redhat1