spacewalk-web is vulnerable to cross-site scripting (XSS). The vulnerability exists as an authenticated RHN Satellite user could use this flaw to perform a cross-site scripting attack against other authenticated users who are using the RHN Satellite web interface.
secunia.com/advisories/47162
www.redhat.com/support/errata/RHSA-2011-1794.html
www.securityfocus.com/bid/50963
www.securitytracker.com/id?1026391
access.redhat.com/errata/RHSA-2011:1794
access.redhat.com/security/cve/CVE-2011-4346
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=742050