CVE-2011-2927

Spacewalk: spacewalk and red hat network satellite: cross-site scripting vulnerability via search forms

CVSS 5.4 MEDIUMEPSS 1.5%CWE-79

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.4EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

05 feb 2014Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search forms, enabling attackers to potentially steal sensitive information or perform actions on behalf of the victim.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Productos afectados

Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/security/cve/CVE-2011-2927 https://bugzilla.redhat.com/show_bug.cgi?id=730955 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html http://www.redhat.com/support/errata/RHSA-2011-1299.html