CVE-2014-3654
03.11.2014, 16:55
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
| Vendor | Product | Version |
|---|---|---|
| redhat | satellite | 5.5 |
| redhat | satellite | 5.6 |
| redhat | satellite_with_embedded_oracle | 5.5 |
| redhat | spacewalk-java | 2.0.2 |
| suse | manager_server | - |
| suse | manager | 1.7 |
𝑥
= Vulnerable software versions
References