2 matches found
CVE-2015-0284
CVE-2015-0284 describes a cross-site scripting (XSS) vulnerability in spacewalk-java used by Spacewalk and Red Hat Satellite 5.7. The issue allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details, and is noted as a co...
CVE-2016-3079
CVE-2016-3079 covers multiple XSS vulnerabilities in the Web UI of Spacewalk and Red Hat Satellite 5.7, exploitable via several vectors in SystemEntitlements.do, EntitlementDetails.do, and System Set Manager components. The connected records indicate mitigations/patches exist: Red Hat issued RHSA...