3 matches found
CVE-2024-53679
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevate...
CVE-2024-53679
CVE-2024-53679 is an Apache VCL XSS in the User Lookup form. The issue is caused by improper neutralization of input during web page generation, allowing a user with sufficient rights to craft or click a URL that can elevate privileges for a specified user. Affected software: Apache VCL up to ver...
Satellite/Spacewalk: XSS on the Lost Password page
Cross-site scripting XSS vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network RHN Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI...