CVE-2011-2919
Summary
| CVE | CVE-2011-2919 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-02-05 18:55:05 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page. |
Risk And Classification
Primary CVSS: v2.0 4.3 from [email protected]
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 0.003220000 probability, percentile 0.551500000 (date 2026-05-04)
Problem Types: CWE-79 | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Network Satellite | - | All | All | All |
| Application | Redhat | Spacewalk | 1.6 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 713478 – (CVE-2011-2919) CVE-2011-2919 RHN Satellite / Spacewalk: XSS on SystemGroupList.do page | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Vendor Advisory |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Patch, Vendor Advisory |
| [Spacewalk-announce-list] Spacewalk 1.6 has been released | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| CVE-2011-2919 - Red Hat Customer Portal | MITRE | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.