CVE-2014-7811
Red Hat Network Satellite < 5.7.0 - Authenticated Cross-Site Scripting via REST API XML Data
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0033.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62183
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html
Scores
EPSS
0.0018
EPSS Percentile
39.7%
Details
CWE
CWE-79
Status
published
Products (3)
redhat/network_satellite
< 5.6
redhat/spacewalk
suse/manager
1.7
Published
Jan 15, 2015
Tracked Since
Feb 18, 2026