Cross-site Scripting (XSS)

spacewalk is vulnerable to cross-site scripting XSS. The vulnerability exists as remotely authenticated users can inject arbitrary web script through the System Groups field...

(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content

Multiple cross-site scripting XSS vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 subject or 2 content values of a note in a system.addNote XML-RPC call...