Bugzilla – Bug 974011
VUL-1: CVE-2016-2103: spacewalk: Satellite 5: multiple stored XSS vulnerabilities
Last modified: 2016-05-20 00:15:57 UTC
via rh bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1305681
Multiple XSS vulnerabilities have been reported in Satellite 5:
/rhn/systems/PhysicalList.do list_1680466951_oldfilterval (Parameter)
/rhn/systems/VirtualSystemsList.do VirtualSystemsList.do (Page)
/rhn/systems/PhysicalList.do?list_1680466951_oldfilterval=false">Test<script>alert(1)</script>
List-tag parameters and pagination - I believe we can fix these all at once with code in ListDisplayTag
Kurt - Do we have a specific reproducer for VirtualSystemList? So far I haven't been able to force a problem.
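Added example, not part of the bug report and not Spacewalk's code: a sketch of output-encoding a list parameter at render time, the kind of central fix the comment above proposes for the list tag. It assumes the `oldfilterval` value is echoed back into a double-quoted HTML attribute of a hidden input (suggested by the `">` prefix of the reported value); the class and method names are hypothetical.

```java
import java.util.regex.Pattern;

public class ListParamEncodingExample {

    // Assumption: list-tag parameter names look like the one in the report.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_]+");

    /** Encode a value for use inside a double-quoted HTML attribute. */
    static String encodeForHtmlAttribute(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Vulnerable form: the request value is concatenated as-is. */
    static String renderHiddenUnsafe(String name, String value) {
        return "<input type=\"hidden\" name=\"" + name + "\" value=\"" + value + "\" />";
    }

    /** Hardened form: the name is validated and the value is attribute-encoded. */
    static String renderHiddenSafe(String name, String value) {
        if (name == null || !SAFE_NAME.matcher(name).matches()) {
            throw new IllegalArgumentException("unexpected parameter name");
        }
        return "<input type=\"hidden\" name=\"" + name + "\" value=\""
                + encodeForHtmlAttribute(value) + "\" />";
    }

    public static void main(String[] args) {
        String name = "list_1680466951_oldfilterval";
        String value = "false\">Test<script>alert(1)</script>"; // value quoted in the report
        System.out.println(renderHiddenUnsafe(name, value)); // attribute is closed early
        System.out.println(renderHiddenSafe(name, value));   // value stays inside the attribute
    }
}
```

Encoding at the single place where the tag writes request-derived values covers filter and pagination parameters alike, instead of patching each page that uses the list.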
spacewalk-java update available, see https://rhn.redhat.com/errata/RHSA-2016-0590.html
@security-team: What's the target date for a release?
bugbot adjusting priority
Fix merged. Closing this bug, thanks everyone for cooperation.
SUSE-SU-2016:1367-1: An update that solves 5 vulnerabilities and has 24 fixes is now available.
Category: security (moderate)
Bug References: 922740,924298,958923,961002,961565,962253,966622,966737,966890,968257,968406,968851,970223,970425,970550,970672,970901,970989,971237,972341,973162,973432,973550,974010,974011,974315,976194,976826,978166
CVE References: CVE-2015-0284,CVE-2016-2103,CVE-2016-2104,CVE-2016-3079,CVE-2016-3097
Sources used:
SUSE Manager 2.1 (src): cobbler-2.2.2-0.61.2, osad-5.11.33.11-15.2, rhnlib-2.5.69.8-11.2, spacewalk-backend-2.1.55.25-24.5, spacewalk-branding-2.1.33.16-18.2, spacewalk-certs-tools-2.1.6.10-18.3, spacewalk-java-2.1.165.23-20.1, spacewalk-utils-2.1.27.15-12.7, suseRegisterInfo-2.1.12-14.2, susemanager-2.1.24-23.1, susemanager-sync-data-2.1.15-30.2, susemanager-tftpsync-2.1.2-11.2