CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3654

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.1%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2014-3654

Redhat » Satellite » Version: 5.5

cpe:2.3:a:redhat:satellite:5.5
Redhat » Satellite » Version: 5.6

cpe:2.3:a:redhat:satellite:5.6
Redhat » Satellite With Embedded Oracle » Version: 5.5

cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.5
Redhat » Spacewalk-Java » Version: 2.0.2

cpe:2.3:a:redhat:spacewalk-java:2.0.2
Suse » Manager » Version: 1.7

cpe:2.3:a:suse:manager:1.7
Suse » Manager Server » Version: N/A

cpe:2.3:a:suse:manager_server:-
Suse » Suse Linux Enterprise Server » Version: 11

cpe:2.3:o:suse:suse_linux_enterprise_server:11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-3654

Products

Pricing

Contact Us