Multiple XSS vulnerabilities have been reported in Satellite 5: /rhn/systems/PhysicalList.do list_1680466951_oldfilterval (Parameter) /rhn/systems/VirtualSystemsList.do VirtualSystemsList.do (Page)
/rhn/systems/PhysicalList.do?list_1680466951_oldfilterval=false">Test<script>alert(1)</script> List-tag parameters and pagination - I believe we can fix these all at once with code in ListDisplayTag Kurt - Do we have a specific reproducer for VirtualSystemList? SO far I haven't been able to force a problem.
Teaching ListTagHelper.getFilterValue() to htmlEscape results fixes the problem for all places where we use ListTag.
(In reply to Grant Gainey from comment #2) > /rhn/systems/PhysicalList. > do?list_1680466951_oldfilterval=false">Test<script>alert(1)</script> > > List-tag parameters and pagination - I believe we can fix these all at once > with code in ListDisplayTag > > Kurt - Do we have a specific reproducer for VirtualSystemList? SO far I > haven't been able to force a problem. I don't have anything more than what I put in this bug unfortunately. I've requested more information.
This issue has been addressed in the following products: Red Hat Satellite 5.7 Via RHSA-2016:0590 https://rhn.redhat.com/errata/RHSA-2016-0590.html