Vulnerability Description
A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicious code in a user's web browser, potentially compromising user sessions or disclosing sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Network Satellite | - |
| Redhat | Spacewalk | 1.6 |
Related Weaknesses (CWE)
References
- http://www.redhat.com/support/errata/RHSA-2011-1299.htmlPatchVendor Advisory
- https://access.redhat.com/security/cve/CVE-2011-2920
- https://bugzilla.redhat.com/show_bug.cgi?id=681032Vendor Advisory
- https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.hVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2011-1299.htmlPatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=681032Vendor Advisory
- https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.hVendor Advisory
FAQ
What is CVE-2011-2920?
CVE-2011-2920 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through variou...
How severe is CVE-2011-2920?
CVE-2011-2920 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2920?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Network Satellite, Redhat Spacewalk.