XSS in Redhat Satellite
CVE-2014-3654
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (53.8th percentile) — read the EPSS interpretation.
Affected products
- Redhat Satellite — versions 5.5, 5.6
- Redhat Satellite_with_embedded_oracle — versions 5.5
- Redhat Spacewalk-java — versions 2.0.2
- Suse Manager — versions 1.7
- Suse Manager_server
- Suse Suse_linux_enterprise_server — versions 11
- N/a — versions n/a
Weakness classification (CWE)
References
- 60976 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- 62027 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- SUSE-SU-2014:1339 (vendor-advisory, Patch, Mailing List, x_refsource_SUSE, Vendor Advisory)
- SUSE-SU-2014:1342 (vendor-advisory, Patch, Mailing List, x_refsource_SUSE, Vendor Advisory)
- RHSA-2014:1762 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)