It was found that the application for listing system groups in Red Hat Network
Satellite Server and Spacewalk services did not properly HTML escape
the content of QueryString. A remote attacker could use this flaw to conduct
XSS attacks, potentially leading to an attacker's ability to steal
the users' session cookie.
Acknowledgements:
Red Hat would like to thank Daniel Karanja Muturi for reporting this issue.
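The flaw class described above, a request's query string echoed into a list page without HTML escaping, shown next to the escaped form. This is an added example, not code from Spacewalk or Satellite; the page path, function names and sample input are assumptions made for illustration, and Python is used only so the example runs stand-alone.

```python
import html
from urllib.parse import parse_qsl, urlencode

# Hypothetical list-page path (assumption, not a Spacewalk URL).
LIST_PATH = "/example/groups/list"


def render_unescaped(query_string: str) -> str:
    """Flawed pattern: the raw query string is copied into an HTML attribute."""
    return f'<a href="{LIST_PATH}?{query_string}">Next page</a>'


def render_escaped(query_string: str) -> str:
    """Corrected pattern: encode for the URL first, then escape for HTML."""
    # Parse and re-encode so every value is percent-encoded for the URL context.
    params = parse_qsl(query_string, keep_blank_values=True)
    url = f"{LIST_PATH}?{urlencode(params)}"
    # Escape &, <, > and quotes so the value cannot leave the href attribute.
    return f'<a href="{html.escape(url, quote=True)}">Next page</a>'


def attribute_broken(markup: str) -> bool:
    """True if the request managed to introduce its own element into the page."""
    return '<b id="injected">' in markup


# Constructed input: a benign marker element standing in for injected markup.
SAMPLE = 'order=asc&page=2"><b id="injected">x</b>'

if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        out = render(SAMPLE)
        print(f"{render.__name__}: broken={attribute_broken(out)}")
        print("  " + out)
```

A regression test for this kind of fix can assert that the rendered page contains exactly the quotes and tags the template itself emits, whatever the query string holds.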
(In reply to comment #12)
> Created spacewalk-backend tracking bugs for this issue
>
> Affects: fedora-all [bug 738818]
I don't quite understand -- the problem (and the fix) is not in the spacewalk-backend package.
Sorry, thanks for the Jan. When initially filing this, I suspect some random spacewalk component was selected for the purpose of tracking bugs. Thank you for clearing it up and resolving that invalid tracker.