CVE-2015-0284

Name of the Vulnerable Software and Affected Versions Spacewalk and Red Hat Satellite version 5.7

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details.

Recommendations For Spacewalk and Red Hat Satellite version 5.7, as a temporary workaround, consider restricting access to the XMLRPC API until a patch is available. Avoid using crafted XML data in the API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.