{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-05T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[Spacewalk-announce-list] 20111222 Spacewalk 1.6 has been released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html"}, {"name": "RHSA-2011:1299", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1299.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713478"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:15:31.782Z"}, "title": "CVE Program Container", "references": [{"name": "[Spacewalk-announce-list] 20111222 Spacewalk 1.6 has been released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html"}, {"name": "RHSA-2011:1299", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1299.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713478"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2919", "datePublished": "2014-02-05T18:00:00", "dateReserved": "2011-07-27T00:00:00", "dateUpdated": "2024-08-06T23:15:31.782Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:network_satellite:-:*:*:*:*:*:*:*", "matchCriteriaId": "181F4E02-1FFA-4EFD-9DBF-3E23EFC200AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:spacewalk:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F66E06D8-78D7-492A-992C-8A70B5C36A97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page."}, {"lang": "es", "value": "Vulnerabilidad de XSS en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permite a atacantes remotos inyectar script Web o HTML a trav\u00e9s de QueryString hacia la p\u00e1gina SystemGroupList.do."}], "id": "CVE-2011-2919", "lastModified": "2024-11-21T01:29:16.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-05T18:55:05.927", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1299.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713478"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-1299.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Daniel Karanja Muturi for reporting this issue.", "affected_release": [{"advisory": "RHSA-2011:1299", "cpe": "cpe:/a:redhat:network_satellite:5.4::el5", "package": "spacewalk-config-0:1.2.2-7.el6sat", "product_name": "Red Hat Network Satellite Server v 5.4", "release_date": "2011-09-15T00:00:00Z"}, {"advisory": "RHSA-2011:1299", "cpe": "cpe:/a:redhat:network_satellite:5.4::el5", "package": "spacewalk-java-0:1.2.39-98.el6sat", "product_name": "Red Hat Network Satellite Server v 5.4", "release_date": "2011-09-15T00:00:00Z"}, {"advisory": "RHSA-2011:1299", "cpe": "cpe:/a:redhat:network_satellite:5.4::el5", "package": "spacewalk-web-0:1.2.7-20.el5sat", "product_name": "Red Hat Network Satellite Server v 5.4", "release_date": "2011-09-15T00:00:00Z"}], "bugzilla": {"description": "Spacewalk: XSS on SystemGroupList.do page", "id": "713478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713478"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page."], "name": "CVE-2011-2919", "public_date": "2011-09-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-2919\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2919"], "threat_severity": "Moderate"}