CVE-2014-3595

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
22/09/2014
Last modified:
12/04/2025

Description

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite_with_embedded_oracle:5.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:spacewalk-java:1.2.39:*:*:*:*:*:*:*
cpe:2.3:a:redhat:spacewalk-java:1.7.54:*:*:*:*:*:*:*
cpe:2.3:a:redhat:spacewalk-java:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:*:*:*:*
cpe:2.3:a:suse:manager_server:-:*:*:*:*:*:*:*