Cross-Site Scripting in Red Hat Satellite
CVE-2017-12175
3.5LOW
Summary
Red Hat Satellite versions prior to 6.5 are susceptible to a Cross-Site Scripting vulnerability. This flaw occurs within the discovery rule feature when users input filters utilizing the autocomplete functionality. An attacker could exploit this vulnerability to inject malicious scripts into the web application, potentially compromising user data and session integrity.
Affected Version(s)
Satellite 6.5
References
CVSS V3.1
Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved