CVE-2011-2920

MEDIUM

Red Hat Network Satellite and Spacewalk - Stored Cross-Site Scripting via Filter by Synopsis Field

Title source: llm

Description

A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicious code in a user's web browser, potentially compromising user sessions or disclosing sensitive information.

References (4)

Core 4

Core References

Patch, Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2011-1299.html

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=681032

Vendor Advisory

https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html

Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2011-2920

Scores

CVSS v3 5.5

EPSS 0.0073

EPSS Percentile 72.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Details

CWE

CWE-79

Status published

Products (4)

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

redhat/network_satellite

redhat/spacewalk 1.6

Published Feb 05, 2014

Tracked Since Feb 18, 2026