CVE-2017-7514Cross-site Scripting in Redhat Satellite

CWE-79Cross-site Scripting5 documents5 sources
Severity
5.4MEDIUMNVD
CNA4.3
EPSS
0.2%
top 57.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat SatelliteRED HAT Satellite
Timeline
PublishedJul 30
Latest updateMay 13

Description

A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDredhat/satellite< 5.8.0
CVEListV5red_hat/red_hat_satellite5.8.0

🔴Vulnerability Details

2
GHSA
GHSA-cqmg-98pc-948m: A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 52022-05-13
CVEList
CVE-2017-7514: A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 52018-07-30

📋Vendor Advisories

1
Red Hat
SAT 5 XSS in the Failed Systems page2017-06-21

💬Community

1
Bugzilla
CVE-2017-7514 SAT 5 XSS in the Failed Systems page2017-06-01
CVE-2017-7514 — Cross-site Scripting in Redhat | cvebase