{"api_version":"1","generated_at":"2026-04-23T05:14:02+00:00","cve":"CVE-2016-3080","urls":{"html":"https://cve.report/CVE-2016-3080","api":"https://cve.report/api/cve/CVE-2016-3080.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-3080","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-3080"},"summary":{"title":"CVE-2016-3080","description":"Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2016-08-05 14:59:00","updated_at":"2023-02-12 23:18:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1320942","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1320942","refsource":"CONFIRM","tags":["Issue Tracking","Vendor Advisory"],"title":"Bug 1320942 – CVE-2016-3080 spacewalk-monitoring: XSS issue in monitoring probe","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1484.html","name":"RHSA-2016:1484","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2016-3080","name":"https://access.redhat.com/security/cve/CVE-2016-3080","refsource":"MISC","tags":[],"title":"CVE-2016-3080 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2016:1484","name":"https://access.redhat.com/errata/RHSA-2016:1484","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-3080","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3080","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"3080","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"network_satellite","cpe6":"5.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3080","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"network_satellite","cpe6":"5.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3080","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"satellite","cpe6":"5.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2016-3080","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-1484.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2016-1484.html"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1320942","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1320942"}]}},"nvd":{"publishedDate":"2016-08-05 14:59:00","lastModifiedDate":"2023-02-12 23:18:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"3080","Ordinal":"88954","Title":"CVE-2016-3080","CVE":"CVE-2016-3080","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"3080","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"3080","Ordinal":"2","NoteData":"2016-08-05","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"3080","Ordinal":"3","NoteData":"2016-08-05","Type":"Other","Title":"Modified"}]}}}