CVE-2007-5961

Published: May 23, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Affected (1)

Products: Redhat: Network Satellite

Redhat

1 product

Network Satellite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Network Satellite	Up to 5.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (10)

http://osvdb.org/45765

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0261.html

Source: secalert@redhat.com

http://www.securitytracker.com/id?1020051

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=396641

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/42559

Source: secalert@redhat.com

http://osvdb.org/45765