A flaw was found in katello. A stored XSS in the subscriptions and repositories pages is possible due to improper sanitization of the new organization input field: an organization name containing HTML is stored and later rendered into those pages without being escaped, so script supplied by the user who created the organization executes in the browser of anyone who views them.
References: https://projects.theforeman.org/issues/25182
Upstream Patch: https://github.com/Katello/katello/pull/7757 https://projects.theforeman.org/projects/katello/repository/revisions/17451c950201bedec9bdd3748e17863b550a6be2
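The pattern behind this class of bug, shown as an added illustration rather than katello's own code or the upstream patch: a stored organization name is interpolated into page markup verbatim (the vulnerable form) versus escaped at the point where it meets HTML (the hardened form). The payload, the function names and the banner template are constructed for this example and are not taken from the advisory or the fix.

```ruby
require 'erb'

# Constructed sample: an organization name as an attacker could submit it
# through a "new organization" field. Illustrative payload, not from the advisory.
MALICIOUS_ORG_NAME = "ACME<script>alert(document.cookie)</script>".freeze

# Vulnerable rendering: the stored name is dropped into markup verbatim, so any
# HTML in it becomes part of the page. This is what marking a user-controlled
# string as already-safe HTML (e.g. Rails' raw / html_safe) amounts to.
def render_org_banner_unsafe(org_name)
  "<h2 class=\"org-name\">#{org_name}</h2>"
end

# Hardened rendering: escape at output time, right where the untrusted string
# is placed into HTML. ERB::Util.html_escape turns & < > " ' into entities, so
# the name is displayed literally and never parsed as markup.
def render_org_banner_safe(org_name)
  "<h2 class=\"org-name\">#{ERB::Util.html_escape(org_name)}</h2>"
end

# Reviewer/scanner check over rendered output: the banner template contains
# exactly one element (h2), so any other tag name in the result was injected.
def injected_tags?(html)
  tags = html.scan(%r{</?([a-zA-Z][a-zA-Z0-9-]*)}).flatten.map(&:downcase)
  tags.any? { |t| t != 'h2' }
end

# Defense in depth on the input side: flag names carrying HTML metacharacters
# for logging or rejection. This supplements output escaping; it does not
# replace it, since the same value may be rendered by templates this check
# never sees.
def suspicious_org_name?(org_name)
  org_name.match?(/[<>"']/)
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe:  #{render_org_banner_unsafe(MALICIOUS_ORG_NAME)}"
  puts "safe:    #{render_org_banner_safe(MALICIOUS_ORG_NAME)}"
  puts "injected in unsafe? #{injected_tags?(render_org_banner_unsafe(MALICIOUS_ORG_NAME))}"
  puts "injected in safe?   #{injected_tags?(render_org_banner_safe(MALICIOUS_ORG_NAME))}"
end
```

The escaping has to happen in every view that renders the organization name, not only on the page where the bug was reported; a name stored once is reused across the subscriptions and repositories pages, which is exactly why one unescaped field reached several pages here.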
Acknowledgments: Name: Sanket Jagtap (Red Hat Pune India)
Statement: Red Hat Subscription Asset Manager does not support the Organization Change, and therefore is not affected by this flaw.
This issue has been addressed in the following products: Red Hat Satellite 6.5 for RHEL 7, via RHSA-2019:1222 https://access.redhat.com/errata/RHSA-2019:1222