Unrated severityNVD Advisory· Published Jul 26, 2018· Updated Aug 5, 2024
CVE-2017-7538
CVE-2017-7538
Description
A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.
Affected products
33- osv-coords32 versionspkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/jabberd&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/osad&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/rhnpush&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/salt-netapi-client&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/salt-netapi-client&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/smdba&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/smdba&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-branding&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/spacewalk-branding&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-config&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-search&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/spacewalk-search&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-setup-jabberd&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%203.0pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%203.1pkg:rpm/suse/virtual-host-gatherer&distro=SUSE%20Manager%20Server%203.0
< 2.6.6-5.3.1+ 31 more
- (no CPE)range: < 2.6.6-5.3.1
- (no CPE)range: < 2.6.1-3.3.1
- (no CPE)range: < 5.11.80.3-2.3.1
- (no CPE)range: < 5.5.104.3-2.3.2
- (no CPE)range: < 0.12.0-16.3.1
- (no CPE)range: < 0.12.0-3.3.1
- (no CPE)range: < 1.6.0-0.7.3.1
- (no CPE)range: < 1.5.8-0.2.3.1
- (no CPE)range: < 2.7.8.6-2.3.1
- (no CPE)range: < 2.5.24.13-26.8.1
- (no CPE)range: < 2.7.73.7-2.3.1
- (no CPE)range: < 2.5.2.14-16.3.1
- (no CPE)range: < 2.7.2.7-2.3.1
- (no CPE)range: < 2.7.0.7-2.3.1
- (no CPE)range: < 2.5.2.8-13.3.1
- (no CPE)range: < 2.5.59.17-27.6.1
- (no CPE)range: < 2.7.46.5-2.3.1
- (no CPE)range: < 2.5.2.3-4.3.1
- (no CPE)range: < 2.7.3.2-2.3.4
- (no CPE)range: < 2.5.0.3-2.3.1
- (no CPE)range: < 2.7.10.5-2.3.1
- (no CPE)range: < 2.5.7.18-25.6.1
- (no CPE)range: < 2.7.1.10-2.3.1
- (no CPE)range: < 3.0.23-25.3.1
- (no CPE)range: < 3.1.8-2.3.1
- (no CPE)range: < 3-25.3.1
- (no CPE)range: < 3-10.3.1
- (no CPE)range: < 3.0.21-25.3.1
- (no CPE)range: < 3.1.9-2.3.1
- (no CPE)range: < 3.0.18-28.3.1
- (no CPE)range: < 3.1.6-2.3.1
- (no CPE)range: < 1.0.14-7.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- access.redhat.com/errata/RHSA-2017:2645mitrevendor-advisoryx_refsource_REDHAT
- www.securitytracker.com/id/1039267mitrevdb-entryx_refsource_SECTRACK
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.