394 matches found
spacewalk-java: Multiple XSS flaws
A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed group names. An attacker can embed HTML and JavaScript in the values for group names in Satellite, allowing them to inject malicious content into the web page that is then displayed when viewing the snapshot data...
Moderate: Red Hat Security Advisory: spacewalk-java security and bug fix update
An update for spacewalk-java is now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
spacewalk-monitoring: XSS issue in monitoring probe
A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed monitoring probes. An attacker can embed HTML and JavaScript in the values for RHNMD User or Filesystem parameters in Satellite, allowing them to inject malicious content into the web page that is then displayed...
Red Hat Spacewalk Monitoring Cross-Site Scripting Vulnerability
Red Hat Spacewalk is an open source Linux system management solution from Red Hat, and Spacewalk Monitoring is one of the configuration tools. A cross-site scripting vulnerability exists in Red Hat Spacewalk Monitoring, which can be exploited by an attacker to inject arbitrary web script or HTML...
Red Hat RHN Satellite Spacewalk-Java Cross-Site Scripting Vulnerability
Red Hat Network Satellite (RHN Satellite) is a system management platform from the US company Red Hat. spacewalk-java is an open-source Linux system management solution written in Java and developed on the basis of Red Hat Network Satellite. A...
CVE-2016-3079
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATHINFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATHINFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for...
CVE-2015-0284
CVE-2015-0284 describes a cross-site scripting (XSS) vulnerability in spacewalk-java used by Spacewalk and Red Hat Satellite 5.7. The issue allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details, and is noted as a co...
CVE-2016-3079
CVE-2016-3079 covers multiple XSS vulnerabilities in the Web UI of Spacewalk and Red Hat Satellite 5.7, exploitable via several vectors in SystemEntitlements.do, EntitlementDetails.do, and System Set Manager components. The connected records indicate mitigations/patches exist: Red Hat issued RHSA...
CVE-2016-3079
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATHINFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a...
CVE-2015-0284
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for...
PT-2016-3556 · Red Hat · Spacewalk +1
Name of the Vulnerable Software and Affected Versions: Spacewalk and Red Hat Satellite version 5.7. Description: A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details...
Red Hat Satellite and Spacewalk Cross-Site Scripting Vulnerability
Red Hat Network Satellite (RHN Satellite) is a system management platform from the US company Red Hat. Spacewalk is an open source Linux system management solution developed on the basis of Red Hat Network Satellite. Red Hat Satellite...
Red Hat Satellite and Spacewalk Cross-Site Scripting Vulnerability (CNVD-2015-03621)
Red Hat Network Satellite (RHN Satellite) is a system management platform from the US company Red Hat. Spacewalk is an open source Linux system management solution developed on the basis of Red Hat Network Satellite. A cross-site...
Spacewalk and Red Hat Network (RHN) Satellite XXE Attack File Read Vulnerability
Spacewalk is a system management solution for Linux and Solaris. Red Hat Network Satellite is a system management tool based on the Linux architecture. An XML external entity vulnerability exists in the Spacewalk and Red Hat Network (RHN) Satellite RPC interface, which could be exploited by a remote...
CVE-2014-8162
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...
XXE
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...
CVE-2014-8162
Summary: CVE-2014-8162 describes an XML External Entity (XXE) vulnerability in the RPC interface of Spacewalk and Red Hat Network (RHN) Satellite, affecting version 5.7 and earlier. The issue allows a remote attacker to read arbitrary files and potentially other unspecified impact via unknown vec...
CVE-2014-8162
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...