CVE-2016-2104 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name (3) search_subscribed_channels or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) input:hidden or (6) bean:message tags.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://rhn.redhat.com/errata/RHSA-2016-0590.html https://bugzilla.redhat.com/show_bug.cgi?id=1305677 https://bugzilla.redhat.com/show_bug.cgi?id=1313515

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1