Red Hat · Red Hat Network Satellite · CVE-2011-4346
**Name of the Vulnerable Software and Affected Versions**
Red Hat Network (RHN) Satellite version 5.4.1
**Description**
A cross-site scripting (XSS) issue exists in the web interface, allowing remote authenticated users to inject arbitrary web script or HTML via the `Description` field of the asset tag in a Custom Info page.
**Recommendations**
For Red Hat Network (RHN) Satellite version 5.4.1, consider restricting access to the Custom Info page until a fix is available, and avoid using the `Description` field in the asset tag to minimize the risk of exploitation.