Katello is vulnerable to cross-site scripting (XSS). Multiple XSS flaws in various entities allow an attacker to inject and execute arbitrary JavaScript in a user’s browser.
access.redhat.com/documentation/en-US/Red_Hat_Satellite/
access.redhat.com/errata/RHEA-2014:1175
access.redhat.com/security/cve/cve-2013-2101
access.redhat.com/site/documentation/
bugzilla.redhat.com/show_bug.cgi?id=963568
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2101