CVE-2011-2920

Spacewalk: spacewalk: cross-site scripting vulnerability allows arbitrary web script execution.

CVSS 5.5 MEDIUMEPSS 2.0%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.5EPSS 2.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

05 fev 2014Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicious code in a user's web browser, potentially compromising user sessions or disclosing sensitive information.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Produtos afetados

Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/security/cve/CVE-2011-2920 https://bugzilla.redhat.com/show_bug.cgi?id=681032 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html http://www.redhat.com/support/errata/RHSA-2011-1299.html