Vulnerability Name: | CVE-2013-1871 (CCN-103078) | ||||||||
Assigned: | 2013-02-19 | ||||||||
Published: | 2013-02-19 | ||||||||
Updated: | 2022-02-03 | ||||||||
Summary: | Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-79 | ||||||||
Vulnerability Consequences: | Cross-Site Scripting | ||||||||
References: | Source: MITRE Type: CNA CVE-2013-1871 Source: OSVDB Type: UNKNOWN 103211 Source: CCN Type: RHSA-2014-0148 Moderate: spacewalk-java, spacewalk-web and satellite-branding security update Source: REDHAT Type: Vendor Advisory RHSA-2014:0148 Source: SECUNIA Type: UNKNOWN 56952 Source: CCN Type: Red Hat Bugzilla Bug 923467 Bug 923467 - (CVE-2013-1871) CVE-2013-1871 Satellite/Spacewalk: XSS in EditAddress page Source: CONFIRM Type: Patch https://bugzilla.redhat.com/show_bug.cgi?id=923467 Source: XF Type: UNKNOWN spacewalk-cve20131871-xss(103078) Source: CONFIRM Type: UNKNOWN https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f Source: CCN Type: Red Hat Security Advisory RHSA-2014:0148-1 Moderate: spacewalk-java, spacewalk-web and satellite-branding security update Source: CCN Type: SUSE Security announcement SUSE-SU-2014:0222-1 SUSE-SU-2014:0222-1 Source: SUSE Type: UNKNOWN SUSE-SU-2014:0222 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |