spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists through multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.
lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html
rhn.redhat.com/errata/RHSA-2015-0033.html
secunia.com/advisories/62183
access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/
access.redhat.com/errata/RHSA-2015:0033
access.redhat.com/security/cve/CVE-2014-7811
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1156299
rhn.redhat.com/errata/RHSA-2015-0033.html