Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-04-14T14:00:00
Updated: 2016-04-14T13:57:01
Reserved: 2016-03-10T00:00:00
Link: CVE-2016-3079
JSON object: View
NVD Information
Status : Modified
Published: 2016-04-14T14:59:08.177
Modified: 2023-02-12T23:18:15.440
Link: CVE-2016-3079
JSON object: View
Redhat Information
No data.
CWE