2 matches found
CVE-2014-0208
Cross-site scripting XSS vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name...
CVE-2014-0208
CVE-2014-0208 is a Foreman XSS vulnerability in the search auto-completion, exploitable by remote authenticated users via a crafted key name in Foreman versions prior to 1.4.4. Root cause: reflected/stored XSS in the auto-complete input path (exact implementation details not provided in the docum...