Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html | Mailing List Patch Vendor Advisory |
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html | Mailing List Patch Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2014-1184.html | Vendor Advisory |
http://secunia.com/advisories/61115 | Third Party Advisory |
http://secunia.com/advisories/62027 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-09-22T15:00:00
Updated: 2014-11-07T18:57:00
Reserved: 2014-05-14T00:00:00
Link: CVE-2014-3595
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-09-22T15:55:07.530
Modified: 2022-02-25T19:18:50.707
Link: CVE-2014-3595
JSON object: View
Redhat Information
No data.
CWE