CVE-2011-2927

MEDIUM

Red Hat Network Satellite and Spacewalk - Stored Cross-Site Scripting via Search Forms

Title source: llm

Description

A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search forms, enabling attackers to potentially steal sensitive information or perform actions on behalf of the victim.

References (4)

Core 4

Core References

Patch, Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2011-1299.html

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=730955

Vendor Advisory

https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html

Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2011-2927

Scores

CVSS v3 5.4

EPSS 0.0050

EPSS Percentile 66.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (4)

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

redhat/network_satellite

redhat/spacewalk 1.6

Published Feb 05, 2014

Tracked Since Feb 18, 2026