Grant Gainey - Security Researcher - Exploit Intelligence Platform

CVE-2016-3079 WRITEUP MEDIUM WRITEUP

Red Hat Satellite 5.7 - Stored Cross-Site Scripting via PATH_INFO or Label Parameter

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).

CVSS 6.1

View Code

CVE-2016-3079 WRITEUP MEDIUM WRITEUP

Red Hat Satellite 5.7 - Stored Cross-Site Scripting via PATH_INFO or Label Parameter

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).

CVSS 6.1

View Code

CVE-2016-3079 WRITEUP MEDIUM WRITEUP

Red Hat Satellite 5.7 - Stored Cross-Site Scripting via PATH_INFO or Label Parameter

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).

CVSS 6.1

View Code