CVE-2011-3344

CWE-79 — Cross-site Scripting (XSS)6 documents6 sources

Severity

5.4MEDIUM

EPSS

0.4%

top 40.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Spacewalk

Timeline

PublishedFeb 5

Latest updateMay 17

Description

A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶NVDredhat/spacewalk1.6

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-fvhw-hg3x-xxxp: Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1↗2022-05-17

▶

CVEList

Spacewalk: spacewalk: cross-site scripting via uri in lookup login/password form↗2014-02-05

▶

💥Exploits & PoCs

Exploit-DB

ZipGenius 6.3.2.3000 - '.zip' Local Buffer Overflow↗2011-07-08

▶

📋Vendor Advisories

Red Hat

CVE-2011-3344: A flaw was found in Spacewalk↗2014-02-05

▶

💬Community

Bugzilla

CVE-2011-3344 Satellite/Spacewalk: XSS on the Lost Password page↗2011-08-18

▶