CVE-2015-0284 — Cross-site Scripting in Redhat Satellite

CWE-79 — Cross-site Scripting8 documents5 sources

Severity

5.4MEDIUMNVD

CNA3.5

EPSS

0.3%

top 49.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Satellite

Timeline

PublishedApr 14

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDredhat/satellite5.7

🔴Vulnerability Details

GHSA

GHSA-q4pf-r4w7-4wpv: Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5↗2022-05-13

▶

CVEList

CVE-2015-0284: Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5↗2016-04-14

▶

📋Vendor Advisories

Red Hat

Sat5: XSS in uset details↗2016-02-07

▶

Red Hat

Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)↗2015-03-03

▶

💬Community

Bugzilla

CVE-2016-2144 Sat5: XSS in uset details↗2016-03-07

▶

Bugzilla

(CVE-2015-0284) Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)↗2016-03-04

▶

Bugzilla

CVE-2015-0284 Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)↗2015-01-13

▶