PT-2018-8403 · Red Hat · Satellite

Publicado

2017-08-25

Atualizado

2019-10-09

CVE-2017-7538

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Satellite versions prior to 5.8

Description A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite. This issue could be exploited by a user who can change an organization's name to perform XSS attacks against other Satellite users.

Recommendations For versions prior to 5.8, update to version 5.8 or later to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2017-7538

RHSA-2017:2645

SUSE-SU-2017:2257-1

SUSE-SU-2017:2453-1

Produtos afetados

Satellite

PT-2018-8403 · Red Hat · Satellite

CVE-2017-7538

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 71