CVE-2014-7811

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-7811
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.

3.5 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html
http://rhn.redhat.com/errata/RHSA-2015-0033.html Vendor Advisory
http://secunia.com/advisories/62183
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:network_satellite:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:spacewalk:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*
History

13 Feb 2023, 00:42

Type Values Removed Values Added
Summary CVE-2014-7811 Red Hat Satellite, Spacewalk: multiple XSS Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0033', 'name': 'https://access.redhat.com/errata/RHSA-2015:0033', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2014-7811', 'name': 'https://access.redhat.com/security/cve/CVE-2014-7811', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1156299', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1156299', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 15:16

Type Values Removed Values Added
References
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0033 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-7811 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1156299 -
Summary Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. CVE-2014-7811 Red Hat Satellite, Spacewalk: multiple XSS
Information

Published : 2015-01-15 15:59

Updated : 2023-12-10 11:31

NVD link : CVE-2014-7811

Mitre link : CVE-2014-7811

CVE.ORG link : CVE-2014-7811

JSON object : View

Products Affected

suse

  • manager

redhat

  • network_satellite
  • spacewalk
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')