A cross-site scripting flaw was discovered in the Lookup Login/Password form of the RHN Satellite and Spacewalk. https://rhnhost/help/forgot_password.pxt/%22onmouseover=alert%281%29%3E Acknowledgements: Red Hat would like to thank Sylvain Maes for reporting this issue.
This issue has been given the name CVE-2011-3344.
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.4 Via RHSA-2011:1299 https://rhn.redhat.com/errata/RHSA-2011-1299.html
Fixed in Spacewalk master, commit 890781d7ec983e32fe83af2f7c033d087292851f, tagged as spacewalk-web-1.6.21-1.