Suse Manager vulnerabilities

CVE-2013-4415 [MEDIUM] CWE-79 CVE-2013-4415: Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10)

CVE-2013-4480 [HIGH] CWE-668 CVE-2013-4480: Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the firs Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.