spacewalk-java is vulnerable to cross-site scripting. A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed monitoring probes. An attacker can embed HTML and Javascript in the values for RHNMD
User or Filesystem
parameters in Satellite, allowing them to inject malicious content into the web page that is then displayed with that probe data.
rhn.redhat.com/errata/RHSA-2016-1484.html
access.redhat.com/errata/RHSA-2016:1484
access.redhat.com/security/cve/CVE-2016-3080
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1320942
bugzilla.redhat.com/show_bug.cgi?id=1322710
rhn.redhat.com/errata/RHSA-2016-1484.html