{"api_version":"1","generated_at":"2026-04-23T07:55:31+00:00","cve":"CVE-2011-3344","urls":{"html":"https://cve.report/CVE-2011-3344","api":"https://cve.report/api/cve/CVE-2011-3344.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-3344","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-3344"},"summary":{"title":"Spacewalk: spacewalk: cross-site scripting via uri in lookup login/password form","description":"A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session.","state":"PUBLISHED","assigner":"redhat","published_at":"2014-02-05 18:55:06","updated_at":"2026-04-03 00:16:03"},"problem_types":["CWE-79","CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Primary","score":"5.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731647","name":"https://bugzilla.redhat.com/show_bug.cgi?id=731647","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"731647 – (CVE-2011-3344) CVE-2011-3344 Satellite/Spacewalk: XSS on the Lost Password page","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2011-3344","name":"https://access.redhat.com/security/cve/CVE-2011-3344","refsource":"secalert@redhat.com","tags":[],"title":"CVE-2011-3344 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2011-1299.html","name":"http://www.redhat.com/support/errata/RHSA-2011-1299.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html","name":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"[Spacewalk-announce-list] Spacewalk 1.6 has been released","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=890781d7ec983e32fe83af2f7c033d087292851f","name":"https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=890781d7ec983e32fe83af2f7c033d087292851f","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Infrastructure/Fedorahosted-retirement - Fedora Project Wiki","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2011:1299","name":"MISC:https://access.redhat.com/errata/RHSA-2011:1299","refsource":"MITRE","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"503","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-3344","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3344","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-04-02T15:01:26.623Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2014-02-05T18:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"3344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"network_satellite","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"spacewalk","cpe6":"1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2011","cve_id":"3344","cve":"CVE-2011-3344","epss":"0.003760000","percentile":"0.591410000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:39"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T23:29:56.731Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=890781d7ec983e32fe83af2f7c033d087292851f"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731647"},{"name":"[Spacewalk-announce-list] 20111222 Spacewalk 1.6 has been released","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html"},{"name":"RHSA-2011:1299","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2011-1299.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"rhn-client-tools","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"rhnsd","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unknown","packageName":"yum-rhn-plugin","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unknown","packageName":"rhnsd","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unknown","packageName":"yum-rhn-plugin","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"}],"datePublic":"2014-02-05T18:00:00.000Z","descriptions":[{"lang":"en","value":"A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-02T23:42:25.911Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"url":"http://www.redhat.com/support/errata/RHSA-2011-1299.html"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2011-3344"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=731647"},{"url":"https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=890781d7ec983e32fe83af2f7c033d087292851f"},{"url":"https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html"}],"timeline":[{"lang":"en","time":"2026-04-02T15:01:26.623Z","value":"Reported to Red Hat."},{"lang":"en","time":"2014-02-05T18:00:00.000Z","value":"Made public."}],"title":"Spacewalk: spacewalk: cross-site scripting via uri in lookup login/password form","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2011-3344","datePublished":"2014-02-05T18:00:00.000Z","dateReserved":"2011-08-30T00:00:00.000Z","dateUpdated":"2026-04-02T23:42:25.911Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2014-02-05 18:55:06","lastModifiedDate":"2026-04-03 00:16:03","problem_types":["CWE-79","CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:network_satellite:-:*:*:*:*:*:*:*","matchCriteriaId":"181F4E02-1FFA-4EFD-9DBF-3E23EFC200AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:spacewalk:1.6:*:*:*:*:*:*:*","matchCriteriaId":"F66E06D8-78D7-492A-992C-8A70B5C36A97"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"3344","Ordinal":"1","Title":"Spacewalk: spacewalk: cross-site scripting via uri in lookup log","CVE":"CVE-2011-3344","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"3344","Ordinal":"1","NoteData":"A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session.","Type":"Description","Title":"Spacewalk: spacewalk: cross-site scripting via uri in lookup log"},{"CveYear":"2011","CveId":"3344","Ordinal":"2","NoteData":"2014-02-05","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"3344","Ordinal":"3","NoteData":"2014-02-05","Type":"Other","Title":"Modified"}]}}}