Lucene search
RedhatCVELIST:CVE-2024-4812HistoryJun 05, 2024 - 3:06 p.m.
CVE-2024-4812 Katello: potential cross-site scripting exploit in ui
2024-06-0515:06:13
CWE-79
redhat
www.cve.org
10
katello
xss
exploit
foreman
javascript
host collections
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
5
Confidence
High
EPSS
0
Percentile
14.0%
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the “Description” field of a user. This code can be executed when opening certain pages, for example, Host Collections.
CNA Affected
[
{
"vendor": "Red Hat",
"product": "Red Hat Satellite 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "katello",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:satellite:6"
]
}
]Related
cve
cve
CVE-2024-4812
2024-06-05 15:15:12
nvd
nvd
CVE-2024-4812
2024-06-05 15:15:12
redhatcve
redhatcve
CVE-2024-4812
2024-06-05 15:04:59
vulnrichment
vulnrichment
CVE-2024-4812 Katello: potential cross-site scripting exploit in ui
2024-06-05 15:06:13
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
5
Confidence
High
EPSS
0
Percentile
14.0%
Related for CVELIST:CVE-2024-4812