Spacewalk Web-UI and Red Hat Satellite 5.7 are vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because they do not properly sanitize parameters in systems/SystemEntitlements.do and admin/multiorg/EntitlementDetails.do, allowing an attacker to inject arbitrary script.
rhn.redhat.com/errata/RHSA-2016-0590.html
access.redhat.com/errata/RHSA-2016:0590
access.redhat.com/security/cve/CVE-2016-3079
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1181152
bugzilla.redhat.com/show_bug.cgi?id=1313515
bugzilla.redhat.com/show_bug.cgi?id=1313517
bugzilla.redhat.com/show_bug.cgi?id=1320444
bugzilla.redhat.com/show_bug.cgi?id=1320452
bugzilla.redhat.com/show_bug.cgi?id=1320940
github.com/spacewalkproject/spacewalk/commit/7920542f
github.com/spacewalkproject/spacewalk/commit/7b9ff9ad
github.com/spacewalkproject/spacewalk/commit/982b11c9
github.com/spacewalkproject/spacewalk/commit/b6491eba