CVE-2017-7538

Description

A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected products

Red Hat / Satellite5.8 – 5.8

References

MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538
MISChttp://www.securitytracker.com/id/1039267
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2017:2645