Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-0284

Опубликовано: 03 мар. 2015
Источник: redhat
CVSS2: 3.5
EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.

A cross-site scripting (XSS) flaw was found in how XML data was handled in Red Hat Satellite. A user able to use the XMLRPC API could exploit this flaw to perform XSS attacks against other Satellite users.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Satellite 5.6ServerWill not fix
Red Hat Satellite 5.7spacewalk-javaFixedRHSA-2016:059004.04.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1181472Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)

EPSS

Процентиль: 61%
0.00413
Низкий

3.5 Low

CVSS2

Связанные уязвимости

nvd логотип

CVE-2015-0284

CVSS3: 5.4
nvd
почти 10 лет назад

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.

github логотип

GHSA-q4pf-r4w7-4wpv

CVSS3: 5.4
github
больше 3 лет назад

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.

EPSS

Процентиль: 61%
0.00413
Низкий

3.5 Low

CVSS2