CVE-2012-6149: Bug 882000 – Satellite, Spacewalk (spacewalk-java): XSS in system.addNote XML-RPC call due to improper sanitization of note's subject and content
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-6149
Product: Security Response
Classification: Other
Component: vulnerability
Sub Component:
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: —
Assignee: Red Hat Product Security
QA Contact: Lukas Pramuk
Docs Contact:
URL:
Whiteboard:
Depends On: 1022687
Blocks: 883016 915998 1011743
Reported: 2012-11-29 23:00 UTC by Ben Ford
Modified: 2021-02-17 08:19 UTC
CC List: 13 users
Fixed In Version: spacewalk-java-2.0.2-57-sat
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-02-11 13:09:02 UTC
Links
System: Red Hat Product Errata
ID: RHSA-2014:0148
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: spacewalk-java, spacewalk-web and satellite-branding security update
Last Updated: 2014-02-10 22:29:32 UTC