Jan Hutař reports: There is stored XSS vulnerability in user details field in Satellite server, they can be exploited by using the XMLRPC API to send XML data containing malformed data.
*** Bug 1315398 has been marked as a duplicate of this bug. ***
External reference: spacewalk git dd418384171473c3e31386a1b4792f8c555dc744 spacewalk git f3792c79c1c251a49cc4e382be8591636326a794
Acknowledgments: Name: Jan Hutař (Red Hat)
This issue has been addressed in the following products: Red Hat Satellite 5.7 Via RHSA-2016:0590 https://rhn.redhat.com/errata/RHSA-2016-0590.html