Vulnerability Details CVE-2017-7514
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.9%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 3.5
References
Products affected by CVE-2017-7514
-
cpe:2.3:a:redhat:satellite:3.7
-
cpe:2.3:a:redhat:satellite:4.0
-
cpe:2.3:a:redhat:satellite:4.1
-
cpe:2.3:a:redhat:satellite:4.2
-
cpe:2.3:a:redhat:satellite:5
-
cpe:2.3:a:redhat:satellite:5.0
-
cpe:2.3:a:redhat:satellite:5.1
-
cpe:2.3:a:redhat:satellite:5.1.1
-
cpe:2.3:a:redhat:satellite:5.2
-
cpe:2.3:a:redhat:satellite:5.3
-
cpe:2.3:a:redhat:satellite:5.4
-
cpe:2.3:a:redhat:satellite:5.4.1
-
cpe:2.3:a:redhat:satellite:5.5
-
cpe:2.3:a:redhat:satellite:5.6
-
cpe:2.3:a:redhat:satellite:5.7
-
cpe:2.3:a:redhat:satellite:5.8