Lucene search
Redhat.comRH:CVE-2024-4812HistoryJun 05, 2024 - 3:04 p.m.
CVE-2024-4812
2024-06-0515:04:59
redhat.com
access.redhat.com
5
katello
plugin
foreman
malicious code
javascript
description field
user
host collections
flaw
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
5.1
Confidence
High
EPSS
0
Percentile
14.0%
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the “Description” field of a user. This code can be executed when opening certain pages, for example, Host Collections.
Related
cve
cve
CVE-2024-4812
2024-06-05 15:15:12
nvd
nvd
CVE-2024-4812
2024-06-05 15:15:12
cvelist
cvelist
CVE-2024-4812 Katello: potential cross-site scripting exploit in ui
2024-06-05 15:06:13
vulnrichment
vulnrichment
CVE-2024-4812 Katello: potential cross-site scripting exploit in ui
2024-06-05 15:06:13
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
AI Score
5.1
Confidence
High
EPSS
0
Percentile
14.0%
Related for RH:CVE-2024-4812