Mickaël Gallier reports: There are several stored XSS vulnerabilities in various fields in Satellite server; they can be exploited by using the REST API to send XML data containing malformed data. One of these is in the system-group handling. Please see CVE-2014-7811 for the other vulnerabilities.
Acknowledgement: Red Hat would like to thank Mickaël Gallier for reporting this issue.
This issue has been addressed in the following products: Red Hat Satellite Server v 5.7, via RHSA-2015:0033 (https://rhn.redhat.com/errata/RHSA-2015-0033.html).