Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=882000 | Issue Tracking Vendor Advisory |
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85 | Exploit Patch |
http://rhn.redhat.com/errata/RHSA-2014-0148.html | Vendor Advisory |
http://secunia.com/advisories/56952 | Third Party Advisory |
https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html | Vendor Advisory |
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-02-14 07:55
Updated : 2022-02-25 11:04
NVD link : CVE-2012-6149
Mitre link : CVE-2012-6149
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
redhat
- spacewalk-java
- satellite
- satellite_5_managed_db