Bug 1314906 - (CVE-2015-0284) Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)
(CVE-2015-0284) Red Hat Satellite: stored XSS in user details fields (incompl...
Status: CLOSED DUPLICATE of bug 1181152
Product: Red Hat Satellite 5
Classification: Red Hat
Component: WebUI (Show other bugs)
570
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Grant Gainey
Red Hat Satellite QA List
: Security, SecurityTracking
Depends On:
Blocks: CVE-2015-0284
  Show dependency treegraph
 
Reported: 2016-03-04 15:08 EST by Grant Gainey
Modified: 2016-03-08 11:34 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-08 11:34:27 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Grant Gainey 2016-03-04 15:08:24 EST
Jan Hutař reports:

There is stored XSS vulnerability in user details field in Satellite server, they can be exploited by using the REST API to send XML data containing malformed data.
Comment 1 Kurt Seifried 2016-03-08 11:34:27 EST

*** This bug has been marked as a duplicate of bug 1181152 ***

Note You need to log in before you can comment on or make changes to this bug.