{"api_version":"1","generated_at":"2026-04-23T06:59:36+00:00","cve":"CVE-2015-0284","urls":{"html":"https://cve.report/CVE-2015-0284","api":"https://cve.report/api/cve/CVE-2015-0284.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-0284","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-0284"},"summary":{"title":"CVE-2015-0284","description":"Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2016-04-14 14:59:00","updated_at":"2023-11-07 02:23:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://github.com/spacewalkproject/spacewalk/commit/dd418384171473c3e31386a1b4792f8c555dc744","name":"https://github.com/spacewalkproject/spacewalk/commit/dd418384171473c3e31386a1b4792f8c555dc744","refsource":"CONFIRM","tags":[],"title":"1181152 - XSS when altering user details and going somewhere where yo… · spacewalkproject/spacewalk@dd41838 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2015-0284","name":"https://access.redhat.com/security/cve/CVE-2015-0284","refsource":"MISC","tags":[],"title":"access.redhat.com | CVE-2015-0284","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-0590.html","name":"RHSA-2016:0590","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1314906","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1314906","refsource":"CONFIRM","tags":[],"title":"1314906 – (CVE-2015-0284) Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/spacewalkproject/spacewalk/commit/f3792c79c1c251a49cc4e382be8591636326a794","name":"https://github.com/spacewalkproject/spacewalk/commit/f3792c79c1c251a49cc4e382be8591636326a794","refsource":"CONFIRM","tags":[],"title":"1181152 - WebUI -> Admin -> Users XSS · spacewalkproject/spacewalk@f3792c7 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2016:0590","name":"https://access.redhat.com/errata/RHSA-2016:0590","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1181152","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1181152","refsource":"CONFIRM","tags":[],"title":"1181152 – XSS when altering user details and going somewhere where you are choosing user","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315398","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1315398","refsource":"CONFIRM","tags":[],"title":"1315398 – (CVE-2016-2144) Sat5: XSS in uset details","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1181472","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1181472","refsource":"CONFIRM","tags":[],"title":"1181472 – (CVE-2015-0284) CVE-2015-0284 Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)","mime":"text/html","httpstatus":"200","archivestatus":"503"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-0284","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0284","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"network_satellite","cpe6":"5.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"284","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"network_satellite","cpe6":"5.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"satellite","cpe6":"5.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"284","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"spacewalk-java","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"284","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"spacewalk-java","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2015-0284","qid":"240415","title":"Red Hat Update for spacewalk-java (RHSA-2016:0590)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2015-0284","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-0590.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2016-0590.html"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1181152","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1181152"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1314906","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1314906"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315398","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1315398"},{"url":"https://github.com/spacewalkproject/spacewalk/commit/dd418384171473c3e31386a1b4792f8c555dc744","refsource":"MISC","name":"https://github.com/spacewalkproject/spacewalk/commit/dd418384171473c3e31386a1b4792f8c555dc744"},{"url":"https://github.com/spacewalkproject/spacewalk/commit/f3792c79c1c251a49cc4e382be8591636326a794","refsource":"MISC","name":"https://github.com/spacewalkproject/spacewalk/commit/f3792c79c1c251a49cc4e382be8591636326a794"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1181472","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1181472"}]}},"nvd":{"publishedDate":"2016-04-14 14:59:00","lastModifiedDate":"2023-11-07 02:23:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:spacewalk-java:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"284","Ordinal":"76308","Title":"CVE-2015-0284","CVE":"CVE-2015-0284","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"284","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"284","Ordinal":"2","NoteData":"2016-04-14","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"284","Ordinal":"3","NoteData":"2016-04-14","Type":"Other","Title":"Modified"}]}}}