Red Hat Bugzilla – Bug 1471262
CVE-2017-7538 Satellite 5: organization name allows XSS
Last modified: 2017-09-14 05:38:13 EDT
Ales Dujicek of Red Hat reports:
The organization name is used in a variety of web pages without being sanitized for HTML special characters, resulting in a stored cross site scripting (XSS) vulnerability.
Name: Ales Dujicek (Red Hat)
This issue has been addressed in the following products:
Red Hat Satellite 5.8
Red Hat Satellite 5.8 ELS
Via RHSA-2017:2645 https://access.redhat.com/errata/RHSA-2017:2645
Can this BZ be closed? The associated erratum went live on 2017-09-06
(In reply to Tomas Lestach from comment #5)
> Can this BZ be closed? The associated erratum went live on 2017-09-06
This is fine to close, thanks!