CVE-2011-3344

MEDIUM

Red Hat Network Satellite - Cross-Site Scripting via Lookup Login/Password Form URI

Title source: llm

Description

A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session.

References (5)

Core 5

Core References

Patch, Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2011-1299.html

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=731647

Vendor Advisory

https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html

Patch

https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=890781d7ec983e32fe83af2f7c033d087292851f

Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2011-3344

Scores

CVSS v3 5.4

EPSS 0.0057

EPSS Percentile 69.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (4)

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

redhat/network_satellite

redhat/spacewalk 1.6

Published Feb 05, 2014

Tracked Since Feb 18, 2026