CyberSec.Space Logo
返回 CVE 浏览器

CVE-2013-1823

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1870%
EPSS Percentile5.47th
Published2013年4月2日
Last Modified2026年4月29日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.

Affected Platforms (CPE)

📦
Redhat

Subscription Asset Manager

<= 1.2.0
📦
Redhat

Subscription Asset Manager

= 1.0.0
📦
Redhat

Subscription Asset Manager

= 1.1.0

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2013-0686.html
🔗 http://secunia.com/advisories/52774
🔗 http://www.osvdb.org/91718
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=918784
🔗 http://rhn.redhat.com/errata/RHSA-2013-0686.html
🔗 http://secunia.com/advisories/52774
🔗 http://www.osvdb.org/91718
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=918784

相关漏洞威胁

CVE-2015-75019.8

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp...

CVE-2013-64399.3

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does...

CVE-2014-01836.1

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name wh...

CVE-2012-61192.1

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, ...