Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 subject or 2 content values of a note in a system.addNote XML-RPC call...

CVE-2012-6149

Multiple cross-site scripting XSS vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 subject or 2 content values of a note in a system.addNote XML-RPC call...

CVE-2013-1871

Cross-site scripting XSS vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network RHN Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter...

CVE-2012-6149

CVE-2012-6149 describes multiple XSS vulnerabilities in Spacewalk/RHN Satellite 5.6 via notes.jsp (subject/content) that allow an authenticated or remote attacker to inject scripts in the notes system.addNote XML-RPC flow. Connected sources identify Spacewalk 5.6 as affected and describe the root...

CVE-2013-4415

Multiple cross-site scripting XSS vulnerabilities in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 whereCriteria variable in a software channels search; 2 endyear, 3 starthour, 4 endampm, 5 endday, 6 endhour, 7 endminute, 8...

CVE-2013-4415

CVE-2013-4415 affects Red Hat Satellite/Spacewalk (Spacewalk 5.6 and RHN Satellite). The connected sources describe multiple cross-site scripting (XSS) vulnerabilities in the Red Hat Satellite web interface, enabling remote attackers to inject arbitrary web script or HTML via numerous parameters ...

CVE-2013-1871

CVE-2013-1871 affects Spacewalk and Red Hat Network Satellite 5.6. The vulnerability is a Cross-Site Scripting (XSS) flaw in account/EditAddress.do that allows an attacker to inject arbitrary web script or HTML through the type parameter. Root cause is insufficient input sanitization in the web i...

Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)

Multiple cross-site scripting XSS vulnerabilities in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 whereCriteria variable in a software channels search; 2 endyear, 3 starthour, 4 endampm, 5 endday, 6 endhour, 7 endminute, 8...

Satellite/Spacewalk: header injection flaw

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network RHN Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting XSS attacks, via the returnurl parameter...

(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content

Multiple cross-site scripting XSS vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 subject or 2 content values of a note in a system.addNote XML-RPC call...

Satellite/Spacewalk: XSS in EditAddress page

Cross-site scripting XSS vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network RHN Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter...

CVE-2012-0059

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the...

CVE-2011-2927

A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting XSS, allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search forms, enabling attacke...

CVE-2011-2919

Cross-site scripting XSS vulnerability in Spacewalk 1.6, as used in Red Hat Network RHN Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page...

CVE-2011-2920

A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting XSS vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicio...

CVE-2011-1594

A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the urlbounce parameter. This can enable attackers to conduct phishing attacks, potentially leading to...

Open redirect

Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network RHN Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the urlbounce parameter...

CVE-2011-2920

A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting XSS vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicio...

CVE-2011-1594

A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the urlbounce parameter. This can enable attackers to conduct phishing attacks, potentially leading to...

Cross site scripting

Cross-site scripting XSS vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network RHN Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI...