Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
Varias vulnerabilidades de XSS en Red Hat Satellite 5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) el parámetro label a admin/BunchDetail.do; (2) el package_name, (3) search_subscribed_channels o (4) el parámetro channel_filter a software/packages/NameOverview.do; O vectores no especificados relacionados con (5) o (6) tags.
Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users.
