CVE-2011-2927

Spacewalk: spacewalk and red hat network satellite: cross-site scripting vulnerability via search forms

CVSS 5.4 MEDIUMEPSS 1.5%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.4EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

05 fev 2014Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search forms, enabling attackers to potentially steal sensitive information or perform actions on behalf of the victim.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Produtos afetados

Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/security/cve/CVE-2011-2927 https://bugzilla.redhat.com/show_bug.cgi?id=730955 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html http://www.redhat.com/support/errata/RHSA-2011-1299.html