CVE-2011-2927

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 47.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Spacewalk

Timeline

PublishedFeb 5

Latest updateMay 17

Description

A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search forms, enabling attackers to potentially steal sensitive information or perform actions on behalf of the victim.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶NVDredhat/spacewalk1.6

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-2738-x33m-p89q: Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1↗2022-05-17

▶

CVEList

Spacewalk: spacewalk and red hat network satellite: cross-site scripting vulnerability via search forms↗2014-02-05

▶

📋Vendor Advisories

Red Hat

CVE-2011-2927: A flaw was found in Spacewalk and Red Hat Network Satellite↗2014-02-05

▶

💬Community

Bugzilla

CVE-2011-2927 Satellite/Spacewalk: XSS flaw in channels search↗2011-08-16

▶