CVE-2014-3654
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD
Description
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
Affected (6)
Products: Redhat: Satellite, Satellite With Embedded Oracle, Spacewalk Java · Suse: Manager Server, Manager
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 5.5 | |
| Version 5.5 | |
| Version 2.0.2 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
References (10)
Source: secalert@redhat.com
Mailing ListPatchVendor Advisory
Source: secalert@redhat.com
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.