CVE-2014-7812

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

3.5LOW

EPSS

0.2%

top 56.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Satellite Suse Manager

Timeline

PublishedJan 15

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDredhat/satellite5.6

▶NVDsuse/manager1.7

🔴Vulnerability Details

GHSA

GHSA-ggpg-v628-g33j: Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5↗2022-05-13

▶

CVEList

CVE-2014-7812: Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5↗2015-01-15

▶

📋Vendor Advisories

Red Hat

Spacewalk: XSS in system-group↗2015-01-12

▶

💬Community

Bugzilla

CVE-2014-7812 Red Hat Satellite, Spacewalk: XSS in system-group↗2014-12-11

▶