XSS in Redhat Satellite

CVE-2013-4415

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) en…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (56.3th percentile) — read the EPSS interpretation.

Affected products

Redhat Satellite — versions 5.6
Redhat Satellite_5_managed_db — versions 5.6
Redhat Spacewalk-java
Redhat Spacewalk-web
Suse Manager — versions 1.7
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking, Vendor Advisory)
56952 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
RHSA-2014:0148 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
SUSE-SU-2014:0222 (vendor-advisory, x_refsource_SUSE, Vendor Advisory)