PT-2011-4937 · Red Hat · Red Hat Network Satellite
William Hoffmann
·
Published
2011-12-10
·
Updated
2023-02-13
·
CVE-2011-4346
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Red Hat Network (RHN) Satellite version 5.4.1
Description
A cross-site scripting (XSS) issue exists in the web interface, allowing remote authenticated users to inject arbitrary web script or HTML via the
Description field of the asset tag in a Custom Info page.Recommendations
For Red Hat Network (RHN) Satellite version 5.4.1, consider restricting access to the Custom Info page until a fix is available, and avoid using the
Description field in the asset tag to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Network Satellite