Red Hat Certificate System (RHCS) is vulnerable to cross-site scripting. It does not escape (1) the pageStart or (2) the pageSize parameter passed to the displayCRL script, or (3) the nonce variable passed to the profileProcess script, allowing the attack via Certificate System’s web interface.
rhn.redhat.com/errata/RHSA-2012-1550.html
rhn.redhat.com/errata/RHSA-2013-0511.html
secunia.com/advisories/51482
www.securityfocus.com/bid/56843
www.securitytracker.com/id?1027846
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=864397