CVE-2015-0284
Summary
| CVE | CVE-2015-0284 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2016-04-14 14:59:00 UTC |
|---|
| Updated | 2023-11-07 02:23:00 UTC |
|---|
| Description | Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| 1181152 - XSS when altering user details and going somewhere where yo… · spacewalkproject/spacewalk@dd41838 · GitHub |
CONFIRM |
github.com |
|
| access.redhat.com | CVE-2015-0284 |
MISC |
access.redhat.com |
|
| Red Hat Customer Portal |
REDHAT |
rhn.redhat.com |
Vendor Advisory |
| 1314906 – (CVE-2015-0284) Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811) |
CONFIRM |
bugzilla.redhat.com |
|
| 1181152 - WebUI -> Admin -> Users XSS · spacewalkproject/spacewalk@f3792c7 · GitHub |
CONFIRM |
github.com |
|
| Red Hat Customer Portal |
MISC |
access.redhat.com |
|
| 1181152 – XSS when altering user details and going somewhere where you are choosing user |
CONFIRM |
bugzilla.redhat.com |
|
| 1315398 – (CVE-2016-2144) Sat5: XSS in uset details |
CONFIRM |
bugzilla.redhat.com |
|
| 1181472 – (CVE-2015-0284) CVE-2015-0284 Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811) |
CONFIRM |
bugzilla.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 240415 Red Hat Update for spacewalk-java (RHSA-2016:0590)
