Bug 730955 (CVE-2011-2927)

Summary: CVE-2011-2927 Satellite/Spacewalk: XSS flaw in channels search
Product: [Other] Security Response Reporter: Mark J. Cox <mjc>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: cperry, jpazdziora, njuenemann, security-response-team, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-15 21:22:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 731646    
Bug Blocks: 622406, 713496    

Description Mark J. Cox 2011-08-16 11:27:12 UTC 
Nils Juenemann reported that there are cross-site scripting flaws in the various Search forms provided by Red Hat Satellite. 

Acknowledgements:

Red Hat would like to thank Nils Juenemann for reporting this issue.
Comment 4 errata-xmlrpc 2011-09-15 17:55:00 UTC 
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2011:1299 https://rhn.redhat.com/errata/RHSA-2011-1299.html
Comment 5 Jan Pazdziora 2011-09-16 09:34:15 UTC 
Fixed in Spacewalk master, commits

6ca26364228b6b1f1010d910b9911244eb37b883
a9da89b35581f4eedfb6ca7ddff4343b9ea21f15
e0c4ae8dd7093bbe6a12ab4462272fbab573e098
3a03e49904465ec5f16bde31c92e67c0b85ef1b9

Tagged as spacewalk-java-1.6.46-1.