CVE-2015-0284

MEDIUM

Red Hat Satellite 5.7 - Authenticated Cross-Site Scripting via XMLRPC API User Details

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.

Scores

CVSS v3 5.4
EPSS 0.0124
EPSS Percentile 65.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
redhat/satellite 5.7
redhat/spacewalk-java
Published Apr 14, 2016
Tracked Since Feb 18, 2026