XSS in Redhat Network_satellite

CVE-2014-7811

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (40.0th percentile) — read the EPSS interpretation.

Affected products

Redhat Network_satellite
Redhat Spacewalk
Suse Manager — versions 1.7
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

RHSA-2015:0033 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
62183 (x_refsource_SECUNIA, third-party-advisory)
SUSE-SU-2015:0928 (vendor-advisory, x_refsource_SUSE)