CVE-2011-4346

Red Hat Network Satellite 5.4.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.

References (5)

[Broken Link] http://secunia.com/advisories/47162

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2011-1794.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/50963

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1026391

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=742050

Scores

EPSS 0.0028

EPSS Percentile 50.9%

Classification

CWE

CWE-79

Status published

Affected Products (2)

redhat/satellite

n/a/n/a

Timeline

Published Dec 10, 2011

Tracked Since Feb 18, 2026