redhatcve | Redhat.com | RH:CVE-2018-16887
History: Dec 26, 2018 - 8:53 p.m.

CVE-2018-16887

2018-12-26 20:53:09
redhat.com
access.redhat.com
7

EPSS: 0.001 (Low), percentile: 23.9%

A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users.
