Foreman cross-site scripting vulnerability (CNVD-2017-32872)

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A cross-site scripting vulnerability exists in versions of Foreman prior to 1.5.2. A remote attacker can...

PT-2017-5876 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.5.2 Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via the operating system 1 name or 2 description. Recommendations: For versions prior to 1.5.2, update to version...

foreman: XSS with operating system name/description

Multiple cross-site scripting XSS vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system 1 name or 2 description...