Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.Referenceshttp://secunia.com/advisories/52774http://www.osvdb.org/91718https://bugzilla.redhat.com/show_bug.cgi?id=918784http://rhn.redhat.com/errata/RHSA-2013-0686.html
