CVE-2011-2919 – Spacewalk: XSS on SystemGroupList.do page
https://notcve.org/view.php?id=CVE-2011-2919
Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page. Vulnerabilidad de XSS en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permite a atacantes remotos inyectar script Web o HTML a través de QueryString hacia la página SystemGroupList.do. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=713478 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-2919 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2920 – Satellite: XSS flaw(s) in filter handling
https://notcve.org/view.php?id=CVE-2011-2920
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms. Múltiples vulnerabilidades de XSS en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permiten a atacantes remotos inyectar script Web o HTML arbitrario a través del campo "Filter by Synopsis" y otros filtros de formularios no especificados. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=681032 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-2920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2927 – Satellite/Spacewalk: XSS flaw in channels search
https://notcve.org/view.php?id=CVE-2011-2927
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms. Múltiples vulnerabilidades de XSS en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permiten a atacantes remotos inyectar script Web o HTML arbitrario a través de vectores relacionados con formularios de búsqueda. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=730955 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-2927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •