CVE-2011-2920

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.5%
top 34.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Spacewalk
Timeline
PublishedFeb 5
Latest updateMay 17

Description

A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicious code in a user's web browser, potentially compromising user sessions or disclosing sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages1 packages

Patches

Patch: www.redhat.comPatch: www.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-pqp9-2cmp-fx98: Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 12022-05-17
CVEList
Spacewalk: spacewalk: cross-site scripting vulnerability allows arbitrary web script execution.2014-02-05

📋Vendor Advisories

1
Red Hat
CVE-2011-2920: A flaw was found in Spacewalk and Red Hat Network Satellite2014-02-05

💬Community

1
Bugzilla
CVE-2011-2920 Satellite: XSS flaw(s) in filter handling2011-02-28