PT-2014-2510 · Red Hat · Red Hat Network Satellite

Ryan Giobbi

Published

2014-02-14

Updated

2022-02-03

CVE-2013-1871

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Red Hat Network Satellite versions 5.6

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via the type parameter in the "account/EditAddress.do" endpoint.

Recommendations For version 5.6, consider restricting access to the "account/EditAddress.do" endpoint until a fix is available, and avoid using the type parameter in this endpoint to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2013-1871

RHSA-2014:0148

Affected Products

Red Hat Network Satellite

PT-2014-2510 · Red Hat · Red Hat Network Satellite

CVE-2013-1871

Weakness Enumeration

Related Identifiers

Affected Products

References · 7