CVE-2024-4812 — Cross-site Scripting in Redhat Satellite

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 75.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Satellite

Timeline

PublishedJun 5

Description

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDredhat/satellite6.0

🔴Vulnerability Details

CVEList

Katello: potential cross-site scripting exploit in ui↗2024-06-05

▶

GHSA

GHSA-jjqv-cfcp-2xj7: A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user↗2024-06-05

▶

📋Vendor Advisories

Red Hat

katello: potential cross-site scripting exploit in UI↗2024-06-05

▶