Skip to main content

Satellite CVE-2016-2104

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2017-04-13 secalert@redhat.com
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 13, 2017 - 14:59 cve.org
MEDIUM 6.1

DescriptionCVE.org

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.

AnalysisAI

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags. Affected products include: Redhat Satellite.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2016-9843 CRITICAL
9.8 May 23

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via v

CVE-2016-9841 CRITICAL
9.8 May 23

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointe

CVE-2017-5929 CRITICAL
9.8 Mar 13

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver compon

CVE-2019-3891 HIGH POC
7.8 Apr 15

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the cr

CVE-2018-1000632 HIGH POC
7.5 Aug 20

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Rated high severi

CVE-2017-10309 HIGH POC
7.1 Oct 19

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 7.1), thi

CVE-2016-9842 HIGH
8.8 May 23

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact v

CVE-2016-9840 HIGH
8.8 May 23

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper point

CVE-2021-42550 MEDIUM POC
6.6 Dec 16

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could

CVE-2017-10355 MEDIUM POC
5.3 Oct 19

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Rated me

CVE-2023-5189 MEDIUM POC
6.5 Nov 14

A path traversal vulnerability exists in Ansible when extracting tarballs. Rated medium severity (CVSS 6.5), this vulner

CVE-2018-11212 MEDIUM POC
6.5 May 16

An issue was discovered in libjpeg 9a and 9d. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab

Share

CVE-2016-2104 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy