{"api_version":"1","generated_at":"2026-05-13T11:43:05+00:00","cve":"CVE-2011-2919","urls":{"html":"https://cve.report/CVE-2011-2919","api":"https://cve.report/api/cve/CVE-2011-2919.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-2919","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-2919"},"summary":{"title":"CVE-2011-2919","description":"Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.","state":"PUBLISHED","assigner":"redhat","published_at":"2014-02-05 18:55:05","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=713478","name":"https://bugzilla.redhat.com/show_bug.cgi?id=713478","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"713478 – (CVE-2011-2919) CVE-2011-2919 RHN Satellite / Spacewalk: XSS on SystemGroupList.do page","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2011-1299.html","name":"http://www.redhat.com/support/errata/RHSA-2011-1299.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html","name":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"[Spacewalk-announce-list] Spacewalk 1.6 has been released","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2011:1299","name":"MISC:https://access.redhat.com/errata/RHSA-2011:1299","refsource":"MITRE","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"503","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2011-2919","name":"MISC:https://access.redhat.com/security/cve/CVE-2011-2919","refsource":"MITRE","tags":[],"title":"CVE-2011-2919 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-2919","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2919","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"2919","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"network_satellite","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2919","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"spacewalk","cpe6":"1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2011","cve_id":"2919","cve":"CVE-2011-2919","epss":"0.003220000","percentile":"0.551500000","score_date":"2026-05-04","updated_at":"2026-05-05 00:07:32"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T23:15:31.782Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"[Spacewalk-announce-list] 20111222 Spacewalk 1.6 has been released","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html"},{"name":"RHSA-2011:1299","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2011-1299.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=713478"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2011-09-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2014-02-05T17:57:00.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"[Spacewalk-announce-list] 20111222 Spacewalk 1.6 has been released","tags":["mailing-list","x_refsource_MLIST"],"url":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html"},{"name":"RHSA-2011:1299","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2011-1299.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=713478"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2011-2919","datePublished":"2014-02-05T18:00:00.000Z","dateReserved":"2011-07-27T00:00:00.000Z","dateUpdated":"2024-08-06T23:15:31.782Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-02-05 18:55:05","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:network_satellite:-:*:*:*:*:*:*:*","matchCriteriaId":"181F4E02-1FFA-4EFD-9DBF-3E23EFC200AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:spacewalk:1.6:*:*:*:*:*:*:*","matchCriteriaId":"F66E06D8-78D7-492A-992C-8A70B5C36A97"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"2919","Ordinal":"1","Title":"CVE-2011-2919","CVE":"CVE-2011-2919","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"2919","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.","Type":"Description","Title":"CVE-2011-2919"},{"CveYear":"2011","CveId":"2919","Ordinal":"2","NoteData":"2014-02-05","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"2919","Ordinal":"3","NoteData":"2014-02-05","Type":"Other","Title":"Modified"}]}}}