Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2013-1823 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 4.3 |
---|---|
Base Metrics | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Subscription Asset Manager 1.2 (katello) | RHSA-2013:0686 | 2013-03-26 |