CVE-2014-0183

Published: 11 Jul 2014
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.

Report

This issue affects the versions of katello as shipped with Red Hat Subscription Asset Manager 1.4. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Satellite 6 | katello | Not affected | | |
| Red Hat Subscription Asset Manager | katello | Affected | | |

Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1094592 XSS: HTML in systems name (when registering) gets interpreted on system information page

EPSS: 0.0029 (Low), percentile: 52%

CVSS2: 4.3 Medium

Related vulnerabilities

CVSS3: 6.1
nvd
about 6 years ago

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.

github
more than 3 years ago

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.
