CVE-2011-2920 vulnerability in Red Hat Products
Published on February 5, 2014
Spacewalk: cross-site scripting vulnerability allows arbitrary web script execution.
A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicious code in a user's web browser, potentially compromising user sessions or disclosing sensitive information.
Vulnerability Analysis
CVE-2011-2920 is exploitable with network access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low, with a small impact on confidentiality, integrity, and availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is an XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2011-2920 has been classified as an XSS vulnerability or weakness.
Products Associated with CVE-2011-2920
Affected Versions
Red Hat Enterprise Linux 6:
Red Hat Enterprise Linux 6:
Red Hat Enterprise Linux 6:
Red Hat Enterprise Linux 7:
Red Hat Enterprise Linux 7:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.