Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.
References
Link | Resource |
---|---|
http://secunia.com/advisories/47162 | Broken Link |
http://www.redhat.com/support/errata/RHSA-2011-1794.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/50963 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1026391 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=742050 | Issue Tracking |
Configurations
Configuration 1 (hide)
AND |
|
History
13 Feb 2023, 01:21
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page. |
02 Feb 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2011-4346 satellite: XSS flaw in custom system information key handling |
03 Feb 2022, 19:59
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=742050 - Issue Tracking | |
References | (BID) http://www.securityfocus.com/bid/50963 - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/47162 - Broken Link | |
References | (SECTRACK) http://www.securitytracker.com/id?1026391 - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:o:red_hat:enterprise_linux:5:*:*:*:*:*:*:* cpe:2.3:o:red_hat:enterprise_linux:6:*:*:*:*:*:*:* |
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:5.4.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
First Time |
Redhat satellite
Redhat enterprise Linux Redhat |
Information
Published : 2011-12-10 17:55
Updated : 2023-12-10 11:03
NVD link : CVE-2011-4346
Mitre link : CVE-2011-4346
CVE.ORG link : CVE-2011-4346
JSON object : View
Products Affected
redhat
- enterprise_linux
- satellite
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')