CVE-2013-4415 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year (3) start_hour (4) end_am_pm (5) end_day (6) end_hour (7) end_minute (8) end_month (9) end_year (10) optionScanDateSearch (11) result_filter (12) search_string (13) show_as (14) start_am_pm (15) start_day (16) start_hour (17) start_minute (18) start_month (19) start_year or (20) whereToSearch variable in an scap audit results search; (21) end_minute (22) end_month (23) end_year (24) errata_type_bug (25) errata_type_enhancement (26) errata_type_security (27) fineGrained (28) list_1892635924_sortdir (29) optionIssueDateSearch (30) start_am_pm (31) start_day (32) start_hour (33) start_minute (34) start_month (35) start_year or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search related to PAGE_SIZE_LABEL_SELECTED.

Reference

http://rhn.redhat.com/errata/RHSA-2014-0148.html
http://secunia.com/advisories/56952
https://bugzilla.redhat.com/show_bug.cgi?id=979452
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f
https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html
