Red Hat Enterprise MRG Management Console Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	53000
Class:	Input Validation Error
CVE:	CVE-2012-1575
Remote:	Yes
Local:	No
Published:	Apr 12 2012 12:00AM
Updated:	Jan 01 2013 12:40PM
Credit:	Red Hat
Vulnerable:	Red Hat MRG Management RHEL 6 Server 2 Red Hat MRG Management RHEL 5 Server 2
Not Vulnerable:

Red Hat Enterprise MRG Management Console Multiple Cross Site Scripting Vulnerabilities

Red Hat Enterprise MRG Management Console is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Red Hat Enterprise MRG Management Console Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

Red Hat Enterprise MRG Management Console Multiple Cross Site Scripting Vulnerabilities

Solution:
Vendor updates are available. Please see the references for more information.

Red Hat Enterprise MRG Management Console Multiple Cross Site Scripting Vulnerabilities

References:

• Red Hat Homepage (Red Hat)