CVE-2014-7811

CWE-79Cross-site Scripting (XSS)9 documents5 sources
Severity
3.5LOW
EPSS
0.2%
top 59.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat Network SatelliteSuse Manager
Timeline
PublishedJan 15
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

NVDsuse/manager1.7

🔴Vulnerability Details

2
GHSA
GHSA-mqgf-q94x-fm6r: Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 52022-05-17
CVEList
CVE-2014-7811: Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 52015-01-15

📋Vendor Advisories

2
Red Hat
Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)2015-03-03
Red Hat
Spacewalk: multiple XSS2015-01-12

💬Community

4
Bugzilla
(CVE-2015-0284) Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)2016-03-04
Bugzilla
CVE-2015-0284 Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)2015-01-13
Bugzilla
CVE-2014-7812 Red Hat Satellite, Spacewalk: XSS in system-group2014-12-11
Bugzilla
CVE-2014-7811 Red Hat Satellite, Spacewalk: multiple XSS2014-10-24