A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search forms, enabling attackers to potentially steal sensitive information or perform actions on behalf of the victim.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 2
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Redhat Network_Satellite
cpe:2.3:a:redhat:network_satellite:-:*:*:*:*:*:*:*
|
— | — |
|
Redhat Spacewalk
cpe:2.3:a:redhat:spacewalk:1.6:*:*:*:*:*:*:*
|
— | — |
References 4
http://www.redhat.com/support/errata/RHSA-2011-1299.html
secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2011-2927
secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=730955
secalert@redhat.com
https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.…
secalert@redhat.com