CVE-2012-6149

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

3.5LOW

EPSS

0.3%

top 51.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Satellite Redhat Satellite 5 Managed DB Redhat Spacewalk-java

Timeline

PublishedFeb 14

Latest updateMay 13

Description

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/satellite5.6

▶NVDredhat/spacewalk-java2.0.2-57

▶NVDredhat/satellite_5_managed_db5.6

Patches

Patch: git.fedorahosted.org ↗Patch: git.fedorahosted.org ↗Patch: git.fedorahosted.org ↗

🔴Vulnerability Details

GHSA

GHSA-hr9j-j2w3-gwf8: Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes↗2022-05-13

▶

CVEList

CVE-2012-6149: Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes↗2014-02-14

▶

📋Vendor Advisories

Red Hat

(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content↗2014-02-10

▶

💬Community

Bugzilla

CVE-2012-6149 Satellite, Spacewalk (spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content↗2012-11-29

▶