Cross-Site Scripting in Red Hat Satellite
CVE-2017-12175

3.5LOW

Key Information:

Vendor
Red Hat
Status
Vendor
CVE Published:
26 July 2018

Summary

Red Hat Satellite versions prior to 6.5 are susceptible to a Cross-Site Scripting vulnerability. This flaw occurs within the discovery rule feature when users input filters utilizing the autocomplete functionality. An attacker could exploit this vulnerability to inject malicious scripts into the web application, potentially compromising user data and session integrity.

Affected Version(s)

Satellite 6.5

References

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.