Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.
References
Link | Resource |
---|---|
http://secunia.com/advisories/47162 | Broken Link |
http://www.redhat.com/support/errata/RHSA-2011-1794.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/50963 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1026391 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=742050 | Issue Tracking |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2011-12-10 17:55
Updated : 2024-02-28 11:41
NVD link : CVE-2011-4346
Mitre link : CVE-2011-4346
CVE.ORG link : CVE-2011-4346
JSON object : View
Products Affected
redhat
- enterprise_linux
- satellite
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')