Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.
Vulnerabilidad de XSS en spacewalk-java en Red Hat Satellite 5.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de los parámetros (1) RHNMD User o (2) Filesystem, relacionado con la visualización de sondas de monitorización.
A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed monitoring probes. An attacker can embed HTML and Javascript in the values for RHNMD User or Filesystem parameters in Satellite, allowing them to inject malicious content into the web page that is then displayed with that probe data.