Lucene search

[email protected]CVE-2015-5282

HistorySep 25, 2017 - 5:29 p.m.

CVE-2015-5282

2017-09-2517:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-5282

cross-site scripting

xss

vulnerability

foreman

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

51.6%

JSON

Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.

Affected configurations

NVD

Node

theforemanforemanMatch1.7.0

theforemanforemanMatch1.7.1

theforemanforemanMatch1.7.2

theforemanforemanMatch1.7.3

theforemanforemanMatch1.7.4

theforemanforemanMatch1.7.5

theforemanforemanMatch1.8.0

theforemanforemanMatch1.8.1

theforemanforemanMatch1.8.2

theforemanforemanMatch1.8.3

theforemanforemanMatch1.8.4

theforemanforemanMatch1.9.0

theforemanforemanMatch1.9.1

theforemanforemanMatch1.9.2

theforemanforemanMatch1.9.3

theforemanforemanMatch1.10.0

theforemanforemanMatch1.10.1

theforemanforemanMatch1.10.2

theforemanforemanMatch1.10.3

theforemanforemanMatch1.10.4

theforemanforemanMatch1.11.0

theforemanforemanMatch1.11.1

theforemanforemanMatch1.11.2

theforemanforemanMatch1.11.3

theforemanforemanMatch1.11.4

theforemanforemanMatch1.12.0

theforemanforemanMatch1.12.1

theforemanforemanMatch1.12.2

theforemanforemanMatch1.12.3

theforemanforemanMatch1.12.4

theforemanforemanMatch1.13.0

theforemanforemanMatch1.13.1

theforemanforemanMatch1.13.2

theforemanforemanMatch1.13.3

theforemanforemanMatch1.13.4

theforemanforemanMatch1.14.0

theforemanforemanMatch1.14.1

theforemanforemanMatch1.14.2

theforemanforemanMatch1.14.3

theforemanforemanMatch1.15.0

theforemanforemanMatch1.15.1

theforemanforemanMatch1.15.2

theforemanforemanMatch1.15.3

theforemanforemanMatch1.15.4

theforemanforemanMatch1.16.0

CPENameOperatorVersion
theforeman:foremantheforeman foremaneq1.7.0
theforeman:foremantheforeman foremaneq1.7.1
theforeman:foremantheforeman foremaneq1.7.2
theforeman:foremantheforeman foremaneq1.7.3
theforeman:foremantheforeman foremaneq1.7.4
theforeman:foremantheforeman foremaneq1.7.5
theforeman:foremantheforeman foremaneq1.8.0
theforeman:foremantheforeman foremaneq1.8.1
theforeman:foremantheforeman foremaneq1.8.2
theforeman:foremantheforeman foremaneq1.8.3

CPE	Name	Operator	Version
theforeman:foreman	theforeman foreman	eq	1.7.0
theforeman:foreman	theforeman foreman	eq	1.7.1
theforeman:foreman	theforeman foreman	eq	1.7.2
theforeman:foreman	theforeman foreman	eq	1.7.3
theforeman:foreman	theforeman foreman	eq	1.7.4
theforeman:foreman	theforeman foreman	eq	1.7.5
theforeman:foreman	theforeman foreman	eq	1.8.0
theforeman:foreman	theforeman foreman	eq	1.8.1
theforeman:foreman	theforeman foreman	eq	1.8.2
theforeman:foreman	theforeman foreman	eq	1.8.3

Rows per page:

1-10 of 451

References

projects.theforeman.org/issues/11859

www.openwall.com/lists/oss-security/2015/09/21/3

bugzilla.redhat.com/show_bug.cgi?id=1264221

github.com/theforeman/foreman/commit/4f3555b217be8723e8045f9816d147b5f684ec57

theforeman.org/security.html#2015-5282

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

51.6%

JSON

Related for CVE-2015-5282

nvd1 cvelist1 prion1