CVE-2012-6149

Опубликовано: 14 фев. 2014

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.

Ссылки

http://rhn.redhat.com/errata/RHSA-2014-0148.html
Vendor Advisory
http://secunia.com/advisories/56952
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=882000
Issue Tracking
Vendor Advisory
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
Patch
Third Party Advisory
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85
Exploit
Patch
https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0148.html
Vendor Advisory
http://secunia.com/advisories/56952
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=882000
Issue Tracking
Vendor Advisory
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
Patch
Third Party Advisory
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85
Exploit
Patch
https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:satellite_5_managed_db:5.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:spacewalk-java:2.0.2-57:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00252

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2012-6149

redhat

почти 12 лет назад

GHSA-hr9j-j2w3-gwf8

github

больше 3 лет назад