We found results for “”
CVE-2014-7812
Good to know:
Date: January 15, 2015
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Cross-Site Scripting (XSS)
CWE-79Top Fix
Upgrade Version
Upgrade to version spacewalk-web-2.3.32-1,spacewalk-utils-2.3.27-1,spacewalk-java-2.3.124,spacewalk-backend-2.3.31-1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | SINGLE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |