CVE-2016-8639: XSS
First published: Wed Nov 09 2016(Updated: )
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Theforeman Foreman | <1.13.0 | |
| Redhat Satellite | =6.3 | |
| Redhat Satellite Capsule | =6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/94263
- https://access.redhat.com/errata/RHSA-2018:0336
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639
- https://github.com/theforeman/foreman/pull/3523
- https://projects.theforeman.org/issues/15037
- http://projects.theforeman.org/issues/15037
- https://bugzilla.redhat.com/show_bug.cgi?id=1393291
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-8639
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/theforeman
- canonical/theforeman foreman
- vendor/redhat
- canonical/redhat satellite
- version/redhat satellite/6.3
- canonical/redhat satellite capsule
- version/redhat satellite capsule/6.3
- package-manager/redhat