Description of problem:
There is possible XSS when altering user details and going somewhere where you are choosing user
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Using API set first and second name of some user to some HTML
2. Go to Channels -> <some_channel> -> Managers
3. Also try to go to Channels -> Manage Software channels -> <some_channel> -> Managers
4. Also try Systems -> System Groups -> <some_system_group> -> Admins
HTML is not escaped correctly in steps "2." and "3." and "4."
HTML is escaped correctly
Discovered while working on bug 1156299.
spacewalk git dd418384171473c3e31386a1b4792f8c555dc744
Fixed one more XSS: Admin -> Users
spacewalk git f3792c79c1c251a49cc4e382be8591636326a794
*** Bug 1314906 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.