Sylvain Maes

**Name of the Vulnerable Software and Affected Versions** Spacewalk version 1.6 **Description** A cross-site scripting (XSS) issue exists in the Lookup Login/Password form, allowing remote attackers to inject arbitrary web script or HTML via the URI. This could potentially lead to unauthorized access or control of user sessions. **Recommendations** For Spacewalk version 1.6, update to a newer version that contains a fix for this issue to prevent remote attackers from injecting arbitrary web script or HTML.