Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2016-0590.html | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1305677 | Issue Tracking Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1313515 | Issue Tracking Third Party Advisory VDB Entry |
Configurations
History
12 Feb 2023, 23:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags. |
02 Feb 2023, 21:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users. |
Information
Published : 2017-04-13 14:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-2104
Mitre link : CVE-2016-2104
CVE.ORG link : CVE-2016-2104
JSON object : View
Products Affected
redhat
- satellite
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')