CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4415 – Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)
https://notcve.org/view.php?id=CVE-2013-4415
10 Feb 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_... • http://rhn.redhat.com/errata/RHSA-2014-0148.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2012-6149 – (spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content
https://notcve.org/view.php?id=CVE-2012-6149
10 Feb 2014 — Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call. Múltiples vulnerabilidades de XSS en systems/sdc/notes.jsp en Spacewalk y Red Hat Network (RHN) Satellite 5.6 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de los valores de (1) asunto o (2) contenido de... • http://rhn.redhat.com/errata/RHSA-2014-0148.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •