Vulnerabilities > Redhat > Spacewalk Java > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-14 | CVE-2016-3079 | Cross-site Scripting vulnerability in Redhat Satellite and Spacewalk-Java Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM). | 6.1 |
| 2016-04-14 | CVE-2015-0284 | Cross-site Scripting vulnerability in Redhat Satellite and Spacewalk-Java Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. | 5.4 |