2 matches found
CVE-2024-4812 Katello: potential cross-site scripting exploit in ui
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections...
CVE-2024-4812
The CVE-2024-4812 entries describe a stored cross-site scripting (XSS) vulnerability in the Katello plugin for Foreman, where malicious JavaScript can be saved in a user Description field and executed when loading pages such as Host Collections. Root cause: insufficient input sanitization of the ...