rpm package
suse/spacewalk-backend&distro=SUSE Manager 2.1
pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%202.1
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-2104 | Med | 6.1 | < 2.1.55.25-24.5 | 2.1.55.25-24.5 | Apr 13, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to s | |
| CVE-2016-3097 | Med | 6.1 | < 2.1.55.25-24.5 | 2.1.55.25-24.5 | Aug 5, 2016 | Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data. | |
| CVE-2016-3079 | Med | 6.1 | < 2.1.55.25-24.5 | 2.1.55.25-24.5 | Apr 14, 2016 | Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDeta | |
| CVE-2016-2103 | Med | 6.1 | < 2.1.55.25-24.5 | 2.1.55.25-24.5 | Apr 14, 2016 | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.d | |
| CVE-2015-0284 | Med | 5.4 | < 2.1.55.25-24.5 | 2.1.55.25-24.5 | Apr 14, 2016 | Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of a |
- affected < 2.1.55.25-24.5fixed 2.1.55.25-24.5
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to s
- affected < 2.1.55.25-24.5fixed 2.1.55.25-24.5
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
- affected < 2.1.55.25-24.5fixed 2.1.55.25-24.5
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDeta
- affected < 2.1.55.25-24.5fixed 2.1.55.25-24.5
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.d
- affected < 2.1.55.25-24.5fixed 2.1.55.25-24.5
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of a