4 matches found
CVE-2016-8613
A flaw was found in Foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI is not escaped, causing any HTML or JavaScript to run in the user's browser. T...
Cross site scripting
A flaw was found in Foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI is not escaped, causing any HTML or JavaScript to run in the user's browser. T...
PT-2018-5033 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman version 1.5.1
Description: A flaw in the remote execution plugin allows commands to be run on hosts over SSH from the Foreman web UI. When a job containing HTML tags is submitted, the console output in the web UI does not escape the...
foreman: Stored XSS vulnerability in remote execution plugin
A flaw was found in Foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI is not escaped, causing any HTML or JavaScript to run in the user's browser. T...