Bug 969911 (CVE-2016-2144) - VUL-0: CVE-2016-2144: spacewalk: XSS vulnerability in users first/last name
Summary: VUL-0: CVE-2016-2144: spacewalk: XSS vulnerability in users first/last name
Status: RESOLVED DUPLICATE of bug 922740
Alias: CVE-2016-2144
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Klaus Kämpf
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv2:RedHat:CVE-2016-2144:4.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-07 16:31 UTC by Marcus Meissner
Modified: 2016-03-10 11:05 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-03-07 16:31:14 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=3D1315398

            Bug ID: 1315398
           Summary: CVE-2016-2144 Sat5: XSS in uset details
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team@redhat.com
          Reporter: kseifried@redhat.com
                CC: bkearney@redhat.com, meissner@suse.de, taw@redhat.com,
                    thomas@suse.de, tkasparek@redhat.com,
                    tlestach@redhat.com



Jan Huta=C5=99 of Red Hat reports a XSS vulnerability in the handling of th=
e users
first and last name within the Web UI.

External reference:
spacewalk git dd418384171473c3e31386a1b4792f8c555dc744
spacewalk git f3792c79c1c251a49cc4e382be8591636326a794
Comment 1 Swamp Workflow Management 2016-03-07 23:00:47 UTC 
bugbot adjusting priority
Comment 3 Marcus Meissner 2016-03-08 16:35:47 UTC 
redhat duplicated this to their CVE CVE-2015-0284 which is out bug 922740.

*** This bug has been marked as a duplicate of bug 922740 ***