Redhat : Security vulnerabilities, CVEs xss, cross site scripting published in 2016

CVE-2016-2103

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.

Max CVSS

6.1

EPSS Score

0.13%

Published

2016-04-14

Updated

2023-02-12

CVE-2016-3079

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).

Max CVSS

6.1

EPSS Score

0.28%

Published

2016-04-14

Updated

2023-02-12

CVE-2016-3080

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.

Max CVSS

6.1

EPSS Score

0.13%

Published

2016-08-05

Updated

2023-02-12

CVE-2016-3097

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.

Max CVSS

6.1

EPSS Score

0.13%

Published

2016-08-05

Updated

2023-02-12

CVE-2016-7033

Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Max CVSS

6.1

EPSS Score

0.13%

Published

2016-09-07

Updated

2018-01-05

CVE-2016-1000007

Pagure 2.2.1 XSS in raw file endpoint

Max CVSS

6.1

EPSS Score

0.10%

Published

2016-10-07

Updated

2020-05-14

CVE-2015-0284

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.

Max CVSS

5.4

EPSS Score

0.16%

Published

2016-04-14

Updated

2023-02-13

CVE-2016-4428

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

Max CVSS

5.4

EPSS Score

0.10%

Published

2016-07-12

Updated

2023-02-12

CVE-2016-5398

Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.

Max CVSS

5.4

EPSS Score

0.11%

Published

2016-10-03

Updated

2016-10-04

Redhat : Security Vulnerabilities, CVEs, Published In 2016 (XSS)