Bug 1314906 - (CVE-2015-0284) Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)
Summary: (CVE-2015-0284) Red Hat Satellite: stored XSS in user details fields (incompl...
Keywords:
Status: CLOSED DUPLICATE of bug 1181152
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: WebUI
Version: 570
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Grant Gainey
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks: CVE-2015-0284
TreeView+ depends on / blocked
 
Reported: 2016-03-04 20:08 UTC by Grant Gainey
Modified: 2016-03-08 16:34 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Release Note
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-08 16:34:27 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Grant Gainey 2016-03-04 20:08:24 UTC
Jan Hutař reports:

There is stored XSS vulnerability in user details field in Satellite server, they can be exploited by using the REST API to send XML data containing malformed data.

Comment 1 Kurt Seifried 2016-03-08 16:34:27 UTC

*** This bug has been marked as a duplicate of bug 1181152 ***


Note You need to log in before you can comment on or make changes to this bug.