Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with the privilege to create or edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher-privileged users. Versions before 3.9.0 are vulnerable.
CVSS Information
N/A
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
Katello cross-site scripting vulnerability
Vulnerability Description
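Katello is a systems management engine that provides workflows for configuration management, subscription management, and content management. A cross-site scripting vulnerability exists in Katello version 3.9.0. A remote attacker can exploit this vulnerability through the Subscriptions or Red Hat Repositories wizards to execute malicious scripts and extract the anti-cross-site request forgery tokens of high-privileged users.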
CVSS Information
N/A
Vulnerability Type
N/A