4 matches found
CVE-2013-4415
CVE-2013-4415 affects Red Hat Satellite/Spacewalk (Spacewalk 5.6 and RHN Satellite). The connected sources describe multiple cross-site scripting (XSS) vulnerabilities in the Red Hat Satellite web interface, enabling remote attackers to inject arbitrary web script or HTML via numerous parameters ...
CVE-2014-3595
CVE-2014-3595 affects spacewalk-java components (versions 1.2.39, 1.7.54, 2.0.2) used by Spacewalk/RHN Satellite 5.4–5.6. Root cause: a stored XSS flaw where a crafted request, not properly sanitized during logging, allows injection of arbitrary HTML/JS into the log view page. Impact: remote atta...
CVE-2013-1869
CVE-2013-1869 affects spacewalk-java before 2.1.148-1 and Red Hat Network Satellite 5.6, allowing remote header injection via the return_url parameter that can enable HTTP response splitting and XSS. Responsible updates are in RHSA-2014:0148 (spacewalk-java, spacewalk-web, satellite-branding); ap...
CVE-2014-3654
CVE-2014-3654 affects spacewalk-java 2.0.2 used in Spacewalk and RHN Satellite (Spacewalk 2.x). The issue is stored XSS via multiple endpoints: kickstart/cobbler/CustomSnippetList.do, channels/software/Entitlements.do, and admin/multiorg/OrgUsers.do. Affected products report XSS in spacewalk-java...