Headline
CVE-2016-2103: 1305681 – (CVE-2016-2103) CVE-2016-2103 Satellite 5: multiple stored XSS vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.
Description Kurt Seifried 2016-02-08 21:39:06 UTC
Multiple XSS vulnerabilities have been reported in Satellite 5:
/rhn/systems/PhysicalList.do list_1680466951_oldfilterval (Parameter)
/rhn/systems/VirtualSystemsList.do VirtualSystemsList.do (Page)
Comment 2 Grant Gainey 2016-02-15 21:09:25 UTC
/rhn/systems/PhysicalList.do?list_1680466951_oldfilterval=false">Test<script>alert(1)</script>
List-tag parameters and pagination - I believe we can fix these all at once with code in ListDisplayTag
Kurt - Do we have a specific reproducer for VirtualSystemList? So far I haven’t been able to force a problem.
Comment 3 Grant Gainey 2016-02-16 22:00:42 UTC
Teaching ListTagHelper.getFilterValue() to htmlEscape results fixes the problem for all places where we use ListTag.
Comment 4 Kurt Seifried 2016-02-21 03:37:17 UTC
(In reply to Grant Gainey from comment #2)
> /rhn/systems/PhysicalList.do?list_1680466951_oldfilterval=false">Test<script>alert(1)</script>
> List-tag parameters and pagination - I believe we can fix these all at once with code in ListDisplayTag
> Kurt - Do we have a specific reproducer for VirtualSystemList? So far I haven’t been able to force a problem.
I don’t have anything more than what I put in this bug unfortunately. I’ve requested more information.