XSS Vulnerability in Satellite 5 from Red Hat
CVE-2017-7538

3.5LOW

Key Information:

Vendor

Red Hat
Status
Satellite
Vendor
CVE Published:
26 July 2018

What is CVE-2017-7538?

An XSS flaw exists in Satellite 5 that allows an attacker to exploit the system by altering an organization's name. Users with the ability to modify these names can potentially inject malicious scripts, posing a threat to other Satellite users by executing unintended actions in their browsers. This vulnerability underscores the importance of implementing proper input validation and user input handling to mitigate risks associated with XSS attacks.

Affected Version(s)

Satellite 5.8

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7538
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039267
vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:2645
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.