CVE-2013-4415

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 43.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Redhat Spacewalk-javaRedhat Spacewalk-webRedhat Satellite+2 more
Timeline
PublishedFeb 14
Latest updateMay 13

Description

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute,

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

NVDsuse/manager1.7

Patches

Patch: git.fedorahosted.orgPatch: git.fedorahosted.org

🔴Vulnerability Details

2
GHSA
GHSA-fch3-m8r7-wg82: Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 52022-05-13
CVEList
CVE-2013-4415: Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 52014-02-14

📋Vendor Advisories

1
Red Hat
Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)2014-02-10

💬Community

1
Bugzilla
CVE-2013-4415 Red Hat Satellite, Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)2013-06-28
CVE-2013-4415 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io