Lucene search

K

Veracode Vulnerability DatabaseVERACODE:12012

HistoryJan 15, 2019 - 9:11 a.m.

Cross-site Scripting (XSS)

2019-01-1509:11:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

EPSS

0.002

Percentile

52.5%

spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.

References

rhn.redhat.com/errata/RHSA-2016-0590.html

access.redhat.com/errata/RHSA-2016:0590

access.redhat.com/security/cve/CVE-2015-0284

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1181152

bugzilla.redhat.com/show_bug.cgi?id=1181472

bugzilla.redhat.com/show_bug.cgi?id=1313515

bugzilla.redhat.com/show_bug.cgi?id=1313517

bugzilla.redhat.com/show_bug.cgi?id=1314906

bugzilla.redhat.com/show_bug.cgi?id=1315398

bugzilla.redhat.com/show_bug.cgi?id=1320444

bugzilla.redhat.com/show_bug.cgi?id=1320452

github.com/spacewalkproject/spacewalk/commit/dd418384171473c3e31386a1b4792f8c555dc744

github.com/spacewalkproject/spacewalk/commit/f3792c79c1c251a49cc4e382be8591636326a794

rhn.redhat.com/errata/RHSA-2016-0590.html

EPSS

0.002

Percentile

52.5%

Related for VERACODE:12012

nvd3 prion3 cvelist2 cve3 veracode1 nessus2 redhat2 suse1