Multiple cross-site scripting (XSS) flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users.
Two XSS issues due to element creation in SSM (Perl stack) and displaying outside of it and two XSS issues on pages for entitlements management were reported.
Name: Jan Hutař (Red Hat)
This issue has been addressed in the following products:
Red Hat Satellite 5.7
Via RHSA-2016:0590 https://rhn.redhat.com/errata/RHSA-2016-0590.html