XSS in Redhat Satellite
CVE-2014-7812
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (43.4th percentile) — read the EPSS interpretation.
Affected products
- Redhat Satellite — versions 5.6
- Redhat Spacewalk
- Suse Manager — versions 1.7
- N/a — versions n/a
Weakness classification (CWE)
References
- RHSA-2015:0033 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- 62183 (x_refsource_SECUNIA, third-party-advisory)
- SUSE-SU-2015:0928 (vendor-advisory, x_refsource_SUSE)