Ron Bowes of Google reports: Stored cross-site scripting in /rhn/kickstart/cobbler/CustomSnippetList.do Reflected cross-site scripting in /rhn/channels/software/Entitlements.do Reflected cross-site scripting in /rhn/admin/multiorg/OrgUsers.do (note: these are in a POST request of a CSRF-protected page, so this is likely only self-XSS)
IssueDescription: Stored and reflected cross-site scripting (XSS) flaws were found in the way spacewalk-java displayed certain information. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data.
This issue has been addressed in the following products: Red Hat Network Satellite Server v 5.5 Red Hat Satellite Server v 5.6 Via RHSA-2014:1762 https://rhn.redhat.com/errata/RHSA-2014-1762.html
Acknowledgement: Red Hat would like to thank Ron Bowes of Google for reporting this issue.