First published: Thu Nov 26 2015
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Foreman | <=1.9.3 |
CVE-2015-7518 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
To fix CVE-2015-7518, upgrade your Foreman installation to version 1.10.0 or later.
CVE-2015-7518 allows remote attackers to perform stored cross-site scripting (XSS) attacks via manipulated input in various forms.
CVE-2015-7518 affects all versions of Foreman prior to 1.10.0.
Yes, CVE-2015-7518 could potentially lead to data breaches by allowing attackers to execute arbitrary scripts in the context of a user's session.