Redhat: >> Satellite >> 5.6 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.
CVSS Score
3.5
EPSS Score
0.003
Published
2014-02-14
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.
CVSS Score
3.5
EPSS Score
0.003
Published
2014-02-14
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
CVSS Score
7.5
EPSS Score
0.007
Published
2013-11-18
Page 7