Bug 1181152 - XSS when altering user details and going somewhere where you are choosing user
Summary: XSS when altering user details and going somewhere where you are choosing user
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: WebUI
Version: 570
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jiří Dostál
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
: 1314906 (view as bug list)
Depends On:
Blocks: sat570-triage CVE-2015-0284 CVE-2016-2144
TreeView+ depends on / blocked
 
Reported: 2015-01-12 13:41 UTC by Jan Hutař
Modified: 2016-04-04 15:36 UTC (History)
2 users (show)

Fixed In Version: spacewalk-java-2.3.8-129-sat
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-04 15:36:24 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0590 normal SHIPPED_LIVE Moderate: spacewalk-java security update 2016-04-04 19:35:36 UTC

Description Jan Hutař 2015-01-12 13:41:47 UTC
Description of problem:
There is possible XSS when altering user details and going somewhere where you are choosing user


Version-Release number of selected component (if applicable):
Satellite-5.7.0-RHEL6-re20150108.2


How reproducible:
always


Steps to Reproduce:
1. Using API set first and second name of some user to some HTML
2. Go to Channels -> <some_channel> -> Managers
3. Also try to go to Channels -> Manage Software channels -> <some_channel> -> Managers
4. Also try Systems -> System Groups -> <some_system_group> -> Admins


Actual results:
HTML is not escaped correctly in steps "2." and "3." and "4."


Expected results:
HTML is escaped correctly


Additional info:
Discovered while working on bug 1156299.

Comment 3 Jiří Dostál 2015-07-22 11:37:15 UTC
spacewalk git dd418384171473c3e31386a1b4792f8c555dc744

Comment 4 Jiří Dostál 2015-09-09 14:19:29 UTC
Fixed one more XSS: Admin -> Users
spacewalk git f3792c79c1c251a49cc4e382be8591636326a794

Comment 5 Kurt Seifried 2016-03-08 16:34:27 UTC
*** Bug 1314906 has been marked as a duplicate of this bug. ***

Comment 11 errata-xmlrpc 2016-04-04 15:36:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-0590.html


Note You need to log in before you can comment on or make changes to this bug.