XSS in Redhat Satellite

CVE-2012-6149

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (48.7th percentile) — read the EPSS interpretation.

Affected products

Redhat Satellite — versions 5.6
Redhat Satellite_5_managed_db — versions 5.6
Redhat Spacewalk-java — versions 2.0.2-57
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
56952 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
RHSA-2014:0148 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
SUSE-SU-2014:0222 (vendor-advisory, x_refsource_SUSE, Vendor Advisory)