CVE-2013-1823: Cross-site Scripting in Red Hat Subscription Asset Manager

Severity
4.3 MEDIUM (NVD)
EPSS
0.3%
top 48.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 2
Latest update: May 17

Description

Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

🔴Vulnerability Details

2
GHSA
GHSA-4365-vm8j-8w63: Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1 | 2022-05-17
CVEList
CVE-2013-1823: Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1 | 2013-04-02

📋Vendor Advisories

4
Red Hat
Mozilla: Script execution in HTML mail replies (MFSA 2014-14) | 2014-02-06
Red Hat
Mozilla: Script execution in HTML mail replies (MFSA 2014-14) | 2014-02-06
Red Hat
Katello: Notifications page Username XSS | 2013-03-26
Red Hat
Mozilla: Out-of-bounds read in image rendering (MFSA 2013-22) | 2013-02-19

💬Community

3
Bugzilla
CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) | 2019-06-21
Bugzilla
CVE-2013-1823 Katello: Notifications page Username XSS | 2013-03-06
Bugzilla
CVE-2013-0772 Mozilla: Out-of-bounds read in image rendering (MFSA 2013-22) | 2013-02-16