
5 matches found

OSV
added 2024/06/05 3:15 p.m. | 1 views

CVE-2024-4812

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00084
Exploits: 0 | References: 2

Cvelist
added 2024/06/05 3:6 p.m. | 20 views

CVE-2024-4812 Katello: potential cross-site scripting exploit in ui

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections...

CVSS: 4.8 | AI score: 5 | EPSS: 0.00084
Exploits: 0 | References: 2

CVE
added 2024/06/05 3:6 p.m. | 56 views

CVE-2024-4812

The CVE-2024-4812 entries describe a stored cross-site scripting (XSS) vulnerability in the Katello plugin for Foreman, where malicious JavaScript can be saved in a user Description field and executed when loading pages such as Host Collections. Root cause: insufficient input sanitization of the ...

CVSS: 4.8 | AI score: 5 | EPSS: 0.00084
Exploits: 0 | References: 2 | Affected Software: 2

RedhatCVE
added 2024/06/05 3:4 p.m. | 20 views

CVE-2024-4812

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00084
Exploits: 0 | References: 3

Snyk
added 2024/06/05 12:0 a.m. | 2 views

Cross-site Scripting (XSS)

Overview: katello is a package that adds Content and Subscription Management to Foreman. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper sanitization of the Description field in the user interface. An attacker can execute arbitrary JavaScript code by...

CVSS: 4.8 | AI score: 5.4 | EPSS: 0.00084
Exploits: 0 | References: 2