CVE-2015-0284 - Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk a - CVEs Blog

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0284

Reference (s):

https://bugzilla.redhat.com/show_bug.cgi?id=1181152
https://bugzilla.redhat.com/show_bug.cgi?id=1181472
https://bugzilla.redhat.com/show_bug.cgi?id=1314906
https://bugzilla.redhat.com/show_bug.cgi?id=1315398
https://github.com/spacewalkproject/spacewalk/commit/dd418384171473c3e31386a1b4792f8c555dc744

CVE-2015-0284 – Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk a

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2020-26212 - GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

CVE-2015-0353 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.

Categories

Partners

Just add here your partners image or promo text