9 matches found
CVE-2015-0284
CVE-2015-0284 describes a cross-site scripting (XSS) vulnerability in spacewalk-java used by Spacewalk and Red Hat Satellite 5.7. The issue allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details, and is noted as a co...
CVE-2013-4415
CVE-2013-4415 affects Red Hat Satellite/Spacewalk (Spacewalk 5.6 and RHN Satellite). The connected sources describe multiple cross-site scripting (XSS) vulnerabilities in the Red Hat Satellite web interface, enabling remote attackers to inject arbitrary web script or HTML via numerous parameters ...
CVE-2014-3595
CVE-2014-3595 affects spacewalk-java components (versions 1.2.39, 1.7.54, 2.0.2) used by Spacewalk/RHN Satellite 5.4–5.6. Root cause: a stored XSS flaw where a crafted request, not properly sanitized during logging, allows injection of arbitrary HTML/JS into the log view page. Impact: remote atta...
CVE-2014-3654
CVE-2014-3654 affects spacewalk-java 2.0.2 used in Spacewalk and RHN Satellite (Spacewalk 2.x). The issue is stored XSS via multiple endpoints: kickstart/cobbler/CustomSnippetList.do, channels/software/Entitlements.do, and admin/multiorg/OrgUsers.do. Affected products report XSS in spacewalk-java...
CVE-2013-1869
CVE-2013-1869 affects spacewalk-java before 2.1.148-1 and Red Hat Network Satellite 5.6, allowing remote header injection via the return_url parameter that can enable HTTP response splitting and XSS. The corresponding updates are in RHSA-2014:0148 (spacewalk-java, spacewalk-web, satellite-branding); ap...
CVE-2016-3079
CVE-2016-3079 covers multiple XSS vulnerabilities in the Web UI of Spacewalk and Red Hat Satellite 5.7, exploitable via several vectors in SystemEntitlements.do, EntitlementDetails.do, and System Set Manager components. The connected records indicate mitigations/patches exist: Red Hat issued RHSA...
CVE-2009-4139
The CVE-2009-4139 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in Spacewalk’s spacewalk-java (version 1.2.39) used by Red Hat Network Satellite server (5.3.0–5.4.1) and related products. The issue allows an attacker, by deceiving an authenticated user, to hijack that user’s s...
CVE-2012-6149
CVE-2012-6149 describes multiple XSS vulnerabilities in Spacewalk/RHN Satellite 5.6 via notes.jsp (subject/content) that allow an authenticated or remote attacker to inject scripts in the notes system.addNote XML-RPC flow. Connected sources identify Spacewalk 5.6 as affected and describe the root...
CVE-2010-2236
The CVE-2010-2236 issue concerns the monitoring probe display in spacewalk-java (before 2.1.148-1) and RHN Satellite (4.0.0–4.2.0, 5.1.0–5.3.0) and Proxy 5.3.0. It allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors,...