2 matches found
CVE-2016-8613
A flaw was found in Foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI is not escaped, causing any HTML or JavaScript to run in the user's browser. T...
CVE-2014-3491
CVE-2014-3491 is a cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and in 1.5.x before 1.5.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the Name field on the New Host groups page, tied to create, update, and destroy notification boxes. Affec...