PT-2018-8403 · Red Hat · Satellite

Published

2017-08-25

Updated

2019-10-09

CVE-2017-7538

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Satellite versions prior to 5.8

Description A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite. This issue could be exploited by a user who can change an organization's name to perform XSS attacks against other Satellite users.

Recommendations For versions prior to 5.8, update to version 5.8 or later to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-7538

RHSA-2017:2645

SUSE-SU-2017:2257-1

SUSE-SU-2017:2453-1

Affected Products

Satellite

PT-2018-8403 · Red Hat · Satellite

CVE-2017-7538

Weakness Enumeration

Related Identifiers

Affected Products

References · 71