← Volver a CVEs
CVE-2011-3344
MEDIUM5.4
Descripcion
A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session.
Detalles CVE
Puntuacion CVSS v3.15.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado2/5/2014
Ultima modificacion4/29/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
redhat:network_satelliteredhat:spacewalk
Debilidades (CWE)
CWE-79CWE-79
Referencias
http://www.redhat.com/support/errata/RHSA-2011-1299.html(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2011-3344(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=731647(secalert@redhat.com)
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=890781d7ec983e32fe83af2f7c033d087292851f(secalert@redhat.com)
https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html(secalert@redhat.com)
http://www.redhat.com/support/errata/RHSA-2011-1299.html(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=731647(af854a3a-2127-422b-91ae-364da2661108)
https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=890781d7ec983e32fe83af2f7c033d087292851f(af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.