Page 5 of 25 results (0.005 seconds)

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. Múltiples vulnerabilidades de XSS en Spacewalk y Red Hat Network (RHN) Satellite anterior a 5.7.0 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de datos XML manipulados en la API REST. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html http://rhn.redhat.com/errata/RHSA-2015-0033.html http://secunia.com/advisories/62183 https://access.redhat.com/security/cve/CVE-2014-7811 https://bugzilla.redhat.com/show_bug.cgi?id=1156299 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do. Múltiples vulnerabilidades de XSS en spacewalk-java 2.0.2 en Spacewalk and Red Hat Network (RHN) Satellite 5.5 y 5.6 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados en (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, o (3) admin/multiorg/OrgUsers.do. Stored and reflected cross-site scripting (XSS) flaws were found in the way spacewalk-java displayed certain information. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data. • http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00010.html http://rhn.redhat.com/errata/RHSA-2014-1762.html http://secunia.com/advisories/60976 http://secunia.com/advisories/62027 https://access.redhat.com/security/cve/CVE-2014-3654 https://bugzilla.redhat.com/show_bug.cgi?id=1144628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging. Vulnerabilidad de XSS en spacewalk-java 1.2.39, 1.7.54, y 2.0.2 en Spacewalk y Red Hat Network (RHN) Satellite 5.4 hasta 5.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una petición modificada que no es manejada adecuadamente cuando se accede. A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed log files. By sending a specially crafted request to Satellite, a remote attacker could embed HTML content into the log file, allowing them to inject malicious content into the web page that is used to view that log file. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html http://rhn.redhat.com/errata/RHSA-2014-1184.html http://secunia.com/advisories/61115 http://secunia.com/advisories/62027 https://access.redhat.com/security/cve/CVE-2014-3595 https://bugzilla.redhat.com/show_bug.cgi?id=1129821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Spacewalk y Red Hat Network (RHN) Satellite versión 5.6, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de la (1) variable whereCriteria en un software búsqueda de canales; la variable (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_day, (17) start_minute, (18) start_month, (19) start_year o (20) whereToSearch en una búsqueda de resultados de auditoría scap; la variable (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_ hour, (33) start_minute, (34) start_month, (35) start_year o (36) view_mode en una búsqueda de erratas; o (37) variable fineGrained en una búsqueda de sistemas, relacionada con PAGE_SIZE_LABEL_SELECTED. • http://rhn.redhat.com/errata/RHSA-2014-0148.html http://secunia.com/advisories/56952 https://bugzilla.redhat.com/show_bug.cgi?id=979452 https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html https://access.redhat.com/security/cve/CVE-2013-4415 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Red Hat Satellite 5.6 y anteriores versiones no deshabilita la interfaz web que es usada para crear el primer usuario para un satellite, lo que permite a atacantes remotos crear cuentas de administrador. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html http://rhn.redhat.com/errata/RHSA-2013-1513.html http://rhn.redhat.com/errata/RHSA-2013-1514.html https://access.redhat.com/site/articles/539283 https://bugzilla.redhat.com/show_bug.cgi?id=1024614 https://access.redhat.com/security/cve/CVE-2013-4480 • CWE-668: Exposure of Resource to Wrong Sphere CWE-862: Missing Authorization •