CVE-2016-2104

Name of the Vulnerable Software and Affected Versions Red Hat Satellite 5 (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API endpoints and parameters include: (1) the label parameter to "/admin/BunchDetail.do" (2) the package name, (3) search subscribed channels, or (4) channel filter parameter to "/software/packages/NameOverview.do". Additionally, there are unspecified vectors related to <input:hidden> or <bean:message> tags.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.