Bug 1181152

Summary: XSS when altering user details and going somewhere where you are choosing user
Product: Red Hat Satellite 5
Reporter: Jan Hutař <jhutar>
Component: WebUI
Assignee: Jiří Dostál <jdostal>
Status: CLOSED ERRATA
QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: unspecified
Priority: unspecified
Version: 570
CC: ggainey, jdostal
Keywords: Security
Hardware: Unspecified
OS: Unspecified
Fixed In Version: spacewalk-java-2.3.8-129-sat
Doc Type: Bug Fix
Last Closed: 2016-04-04 15:36:24 UTC
Type: Bug
Bug Blocks: 1127217, 1181472, 1315398

Description Jan Hutař 2015-01-12 13:41:47 UTC
Description of problem:
There is a possible XSS when altering user details and then going somewhere where you are choosing a user.


Version-Release number of selected component (if applicable):
Satellite-5.7.0-RHEL6-re20150108.2


How reproducible:
always


Steps to Reproduce:
1. Using the API, set the first and second name of some user to some HTML
2. Go to Channels -> <some_channel> -> Managers
3. Also try to go to Channels -> Manage Software channels -> <some_channel> -> Managers
4. Also try Systems -> System Groups -> <some_system_group> -> Admins


Actual results:
HTML is not escaped correctly in steps 2, 3 and 4


Expected results:
HTML is escaped correctly


Additional info:
Discovered while working on bug 1156299.
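The report carries no code. As an added illustration, not taken from the spacewalk code base (which is Java), the Python below shows the two things a defender wants for this bug: escaping user-controlled name fields at the point a Managers/Admins table is written as HTML, and an audit that lists existing users whose names already contain markup characters. The user records, field names and table layout are constructed assumptions, not the Satellite API's actual schema.

```python
import html
import re

# Constructed sample records standing in for what the user API returns; the
# second user has name fields set to markup, as in step 1 of the report.
SAMPLE_USERS = [
    {"login": "alice", "first_name": "Alice", "last_name": "Admin"},
    {"login": "mallory", "first_name": "<b>Mallory</b>",
     "last_name": '<i title="x">Ev</i>'},
]

USER_FIELDS = ("login", "first_name", "last_name")
# Characters with special meaning in HTML; any of them in a name deserves a look.
MARKUP_CHARS = re.compile(r'[<>"\'&]')


def render_managers_row(user):
    """Build one row of a Managers/Admins table, escaping every user-controlled
    field right where it is written into HTML (the behaviour the bug asks for)."""
    safe = {k: html.escape(str(user.get(k, "")), quote=True) for k in USER_FIELDS}
    return ("<tr><td>{login}</td><td>{first_name} {last_name}</td></tr>"
            .format(**safe))


def render_managers_table(users):
    """Wrap the escaped rows in a table; no tag from user data survives raw."""
    rows = "".join(render_managers_row(u) for u in users)
    return f"<table>{rows}</table>"


def audit_user_names(users):
    """Return (login, field, value) for each name field that contains HTML
    metacharacters, so data written before the fix can be reviewed."""
    findings = []
    for u in users:
        for field in ("first_name", "last_name"):
            value = str(u.get(field, ""))
            if MARKUP_CHARS.search(value):
                findings.append((u["login"], field, value))
    return findings


if __name__ == "__main__":
    for login, field, value in audit_user_names(SAMPLE_USERS):
        print(f"{login}.{field} contains markup characters: {value!r}")
    print(render_managers_table(SAMPLE_USERS))
```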

Comment 3 Jiří Dostál 2015-07-22 11:37:15 UTC
spacewalk git dd418384171473c3e31386a1b4792f8c555dc744

Comment 4 Jiří Dostál 2015-09-09 14:19:29 UTC
Fixed one more XSS: Admin -> Users
spacewalk git f3792c79c1c251a49cc4e382be8591636326a794

Comment 5 Kurt Seifried 2016-03-08 16:34:27 UTC
*** Bug 1314906 has been marked as a duplicate of this bug. ***

Comment 11 errata-xmlrpc 2016-04-04 15:36:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-0590.html