Bug 731647 - (CVE-2011-3344) CVE-2011-3344 Satellite/Spacewalk: XSS on the Lost Password page
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
public=20110915,reported=20110817,sou...
Keywords: Security
Depends On: 736185
Blocks: 713496
Reported: 2011-08-18 04:26 EDT by Tomas Hoger
Modified: 2016-11-08 11:12 EST

Doc Type: Bug Fix
Last Closed: 2011-09-15 17:19:36 EDT
Description Tomas Hoger 2011-08-18 04:26:00 EDT
A cross-site scripting flaw was discovered in the Lookup Login/Password form of the RHN Satellite and Spacewalk.

https://rhnhost/help/forgot_password.pxt/%22onmouseover=alert%281%29%3E

Acknowledgements:

Red Hat would like to thank Sylvain Maes for reporting this issue.
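
Added example (not code from Spacewalk or from this report): assuming the page copied the request path into a double-quoted HTML attribute, it shows why the URL above ends up as an extra event-handler attribute and how HTML-escaping the path keeps it inside the attribute value. The form markup and all function names are hypothetical.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# URL from the report above; everything after the .pxt page name is path info.
REPORTED_URL = "https://rhnhost/help/forgot_password.pxt/%22onmouseover=alert%281%29%3E"


def request_path(url):
    """Return the percent-decoded path, as the application would see it."""
    return unquote(urlsplit(url).path)


def render_unescaped(path):
    # Assumed 'before' behaviour (hypothetical markup): path copied in as-is.
    return '<form method="post" action="' + path + '">'


def render_escaped(path):
    # Hardened form: &, <, > and both quote characters become entities.
    return '<form method="post" action="' + escape(path, quote=True) + '">'


class _FirstTag(HTMLParser):
    """Records the attributes of the first start tag an HTML parser sees."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)


def parsed_attributes(markup):
    parser = _FirstTag()
    parser.feed(markup)
    parser.close()
    return parser.attrs


if __name__ == "__main__":
    path = request_path(REPORTED_URL)
    print(parsed_attributes(render_unescaped(path)))  # gains an onmouseover attribute
    print(parsed_attributes(render_escaped(path)))    # only method and action
```
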
Comment 3 Vincent Danen 2011-09-06 19:01:39 EDT
This issue has been given the name CVE-2011-3344.
Comment 5 errata-xmlrpc 2011-09-15 13:55:41 EDT
This issue has been addressed in the following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2011:1299 https://rhn.redhat.com/errata/RHSA-2011-1299.html
Comment 6 Jan Pazdziora 2011-09-16 05:34:53 EDT
Fixed in Spacewalk master, commit 890781d7ec983e32fe83af2f7c033d087292851f,
tagged as spacewalk-web-1.6.21-1.
