Bug 1322747 (CVE-2016-3097)
Summary: | CVE-2016-3097 spacewalk-java: Multiple XSS flaws | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bkearney, meissner, security-response-team, taw, thomas, tkasparek, tlestach |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed group names. An attacker can embed HTML and JavaScript in the values for group names in Satellite, allowing them to inject malicious content into the web page that is then displayed when viewing the snapshot data. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-07-26 09:27:01 UTC | Type: | --- |
Bug Depends On: | 1322710 | ||
Bug Blocks: | 1322748 |
Description
Adam Mariš
2016-03-31 09:07:51 UTC
Acknowledgments:

Name: Jan Hutař (Red Hat)

This issue has been addressed in the following products:

Red Hat Satellite 5.7

Via RHSA-2016:1484 https://rhn.redhat.com/errata/RHSA-2016-1484.html