Red Hat Bugzilla – Bug 731647
CVE-2011-3344 Satellite/Spacewalk: XSS on the Lost Password page
Last modified: 2016-11-08 11:12:39 EST
A cross-site scripting flaw was discovered in the Lookup Login/Password form of the RHN Satellite and Spacewalk.
Red Hat would like to thank Sylvain Maes for reporting this issue.
This issue has been given the name CVE-2011-3344.
This issue has been addressed in following products:
Red Hat Network Satellite Server v 5.4
Via RHSA-2011:1299 https://rhn.redhat.com/errata/RHSA-2011-1299.html
Fixed in Spacewalk master, commit 890781d7ec983e32fe83af2f7c033d087292851f,
tagged as spacewalk-web-1.6.21-1.