Bug 1313515
| Summary: | (CVE-2016-2104) Satellite 5: multiple XSS vulnerabilities | | |
|---|---|---|---|
| Product: | Red Hat Satellite 5 | Reporter: | Grant Gainey <ggainey> |
| Component: | WebUI | Assignee: | Grant Gainey <ggainey> |
| Status: | CLOSED ERRATA | QA Contact: | Red Hat Satellite QA List <satqe-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 570 | CC: | dyordano, jhutar, tlestach |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | spacewalk-java-2.3.8-130-sat | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-04-04 15:37:00 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1305677 | | |

Description
Grant Gainey
2016-03-01 18:21:54 UTC
spacewalk.github commits for the <input:hidden> issue:

c006504df8a66bea60d927a4c152e67bb75bebdf
94c03423b00670908d71960037a0bf376ba57f5e
fd7d7b0d1483409f2f5833a95b409886dd9cb739
497f8c8804c4b72cac80a3b13c138e2c6e08cc7c
63e3ccec4130622059e9f89fd96bcc83269383d1
f1d8321cee97c56185c1144f8de5343167d38181

More work needed to address the <bean:message> issue.

spacewalk.github f9444124d79af7604674be211a8ffc448b60aee9

spacewalk.github:

5b21c52f8a64626ca50bd11573bde2e21c52919d
042c364db1b450ef9b4b4117dd81c98eade7f47c
bc8026d722e058c8d77bb4735495581981db70d1

Fixes to a number of <bean:message argN="${}"/> uses.

spacewalk.github:

ec742b36ab79a0b91d67129dd814a48b980383ec
6fb0fbf5f625a99e8093b600dc8a1e90d6c34083

Fixes missing for rhn:hidden - thanks to mcalmer

spacewalk.github:

6547ef2b84c7361b2fcdfb7a04e5b2fb5ad8c631
24c44bab07c9912df068b89796b44018ea11feaf

Bug report changed to ON_QA status by Errata System. A QE request has been submitted for advisory RHSA-2016:23015-02 https://errata.devel.redhat.com/advisory/23015

/rhn/admin/BunchDetail.do?label=cobbler-sync-bunch"><script>alert(1)</script> ... not fixed (although was not in the initial report)

spacewalk-github: 5768cce9

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-0590.html
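
The two patterns named in the comments above, a hidden-input value and a message argument written into the page without encoding, shown as an added Java example. This is not code from the Spacewalk commits: the helper names and the message pattern are hypothetical stand-ins for the tags, and the only value taken from the report is the `label` parameter.

```java
import java.text.MessageFormat;

public class XssEscapeDemo {
    // Minimal HTML escaper covering the characters that matter in both
    // element-content and quoted-attribute contexts.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical stand-in for a hidden-input tag that writes its value verbatim.
    static String hiddenUnsafe(String name, String value) {
        return "<input type=\"hidden\" name=\"" + name + "\" value=\"" + value + "\"/>";
    }

    // Same tag with every attribute value encoded before it is written.
    static String hiddenSafe(String name, String value) {
        return "<input type=\"hidden\" name=\"" + escapeHtml(name)
             + "\" value=\"" + escapeHtml(value) + "\"/>";
    }

    // Hypothetical stand-in for a message tag with argN parameters: the
    // arguments are encoded before substitution, the trusted pattern is not.
    static String messageSafe(String pattern, String... args) {
        Object[] escaped = new Object[args.length];
        for (int i = 0; i < args.length; i++) escaped[i] = escapeHtml(args[i]);
        return MessageFormat.format(pattern, escaped);
    }

    public static void main(String[] unused) {
        // label value quoted in the report above
        String label = "cobbler-sync-bunch\"><script>alert(1)</script>";
        String pattern = "Bunch <b>{0}</b> scheduled"; // constructed sample pattern
        System.out.println(hiddenUnsafe("label", label));         // value breaks out of the attribute
        System.out.println(hiddenSafe("label", label));           // value stays inside the attribute
        System.out.println(MessageFormat.format(pattern, label)); // argument rendered as markup
        System.out.println(messageSafe(pattern, label));          // argument rendered as text
    }
}
```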