Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3654

Опубликовано: 03 нояб. 2014
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:spacewalk-java:2.0.2:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:suse:manager_server:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:*:*:*:*

EPSS

Процентиль: 53%
0.00302
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

redhat логотип

CVE-2014-3654

redhat
больше 11 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.

github логотип

GHSA-8prp-cx44-x9c3

github
больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.

EPSS

Процентиль: 53%
0.00302
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79