Red Hat Satellite is vulnerable to cross-site scripting (XSS). The vulnerability exists in the way spacewalk-java displays group names. This allows an attacker to inject arbitrary web script or HTML into the web page that is then displayed when viewing the snapshot data.
rhn.redhat.com/errata/RHSA-2016-1484.html
access.redhat.com/errata/RHSA-2016:1484
access.redhat.com/security/cve/CVE-2016-3097
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1322710
bugzilla.redhat.com/show_bug.cgi?id=1322747
rhn.redhat.com/errata/RHSA-2016-1484.html