Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.
References
Configurations
History
12 Feb 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. | |
References |
|
02 Feb 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data. |
Information
Published : 2015-12-17 19:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-7518
Mitre link : CVE-2015-7518
CVE.ORG link : CVE-2015-7518
JSON object : View
Products Affected
theforeman
- foreman
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')