A weakness and multiple vulnerabilities have been reported in Spacewalk, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
1) Certain input passed via urlBounce is not properly verified in java/code/src/com/redhat/rhn/frontend/action/LoginAction.java before being used to redirect users. This can be exploited to redirect a user to an arbitrary website.
2) Certain input related to parameter names is not properly sanitised in java/code/src/com/redhat/rhn/frontend/taglibs/list/ListTagUtil.java before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Certain input passed related to a hidden element is not properly sanitised in java/code/src/com/redhat/rhn/frontend/taglibs/list/ListTagUtil.java before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
4) Certain input related to search pages is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
5) Certain input related to PXT and self-referencing links is not properly sanitised in web/modules/pxt/PXT/Handlers.pm before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities #1 through #5 are related to:
SA46056
