CVE-2011-3344 – Satellite/Spacewalk: XSS on the Lost Password page
https://notcve.org/view.php?id=CVE-2011-3344
Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de XSS en el formulario de recuperación de usuario/contraseña en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permite a atacantes remotos inyectar script Web arbitrario o HTML a través de la URL. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=731647 https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=890781d7ec983e32fe83af2f7c033d087292851f https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-3344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2920 – Satellite: XSS flaw(s) in filter handling
https://notcve.org/view.php?id=CVE-2011-2920
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms. Múltiples vulnerabilidades de XSS en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permiten a atacantes remotos inyectar script Web o HTML arbitrario a través del campo "Filter by Synopsis" y otros filtros de formularios no especificados. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=681032 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-2920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2927 – Satellite/Spacewalk: XSS flaw in channels search
https://notcve.org/view.php?id=CVE-2011-2927
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms. Múltiples vulnerabilidades de XSS en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permiten a atacantes remotos inyectar script Web o HTML arbitrario a través de vectores relacionados con formularios de búsqueda. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=730955 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-2927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-1594 – Spacewalk: login page open redirect via url_bounce
https://notcve.org/view.php?id=CVE-2011-1594
Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter. Vulnerabilidad de redirección abierta en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y efectuar ataques de phishing a través de una URL en el parámetro url_bounce. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=672167 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-1594 • CWE-20: Improper Input Validation •