Lucene search

[email protected]CVE-2014-3491

HistoryJul 01, 2014 - 4:55 p.m.

CVE-2014-3491

2014-07-0116:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3491

cross-site scripting

xss vulnerability

foreman 1.4.5

foreman 1.5.1

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.

Affected configurations

NVD

Node

theforemanforemanRange≤1.4.4

theforemanforemanMatch1.4.0

theforemanforemanMatch1.4.1

theforemanforemanMatch1.4.2

theforemanforemanMatch1.4.3

theforemanforemanMatch1.5.0

CPENameOperatorVersion
theforeman:foremantheforeman foremanle1.4.4
theforeman:foremantheforeman foremaneq1.4.0
theforeman:foremantheforeman foremaneq1.4.1
theforeman:foremantheforeman foremaneq1.4.2
theforeman:foremantheforeman foremaneq1.4.3
theforeman:foremantheforeman foremaneq1.5.0

CPE	Name	Operator	Version
theforeman:foreman	theforeman foreman	le	1.4.4
theforeman:foreman	theforeman foreman	eq	1.4.0
theforeman:foreman	theforeman foreman	eq	1.4.1
theforeman:foreman	theforeman foreman	eq	1.4.2
theforeman:foreman	theforeman foreman	eq	1.4.3
theforeman:foreman	theforeman foreman	eq	1.5.0

References

projects.theforeman.org/issues/5881

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Related for CVE-2014-3491

prion1 cvelist1 nvd1