Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form.
References
Link | Resource |
---|---|
http://projects.theforeman.org/issues/16022 | Vendor Advisory |
http://www.securityfocus.com/bid/92431 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHBA-2016:1885 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1365785 | Issue Tracking |
https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0 | Patch |
https://theforeman.org/security.html#2016-6320 | Patch Vendor Advisory |
Configurations
History
13 Feb 2023, 04:50
Type | Values Removed | Values Added |
---|---|---|
Summary | Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form. | |
References |
|
02 Feb 2023, 21:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A cross-site scripting (XSS) flaw was found in the "Device Identifier" field of the new host provisioning components of Red Hat Satellite. A user able to create a new host could exploit this flaw to perform XSS attacks against other Satellite users. | |
References |
|
Information
Published : 2016-08-19 21:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-6320
Mitre link : CVE-2016-6320
CVE.ORG link : CVE-2016-6320
JSON object : View
Products Affected
theforeman
- foreman
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')