Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11954

HistoryJan 15, 2019 - 9:10 a.m.

Cross-site Scripting (XSS)

2019-01-1509:10:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6

EPSS

0.002

Percentile

60.3%

foreman is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.

References

projects.theforeman.org/issues/12611

theforeman.org/security.html#2015-7518

www.openwall.com/lists/oss-security/2015/12/09/6

access.redhat.com/errata/RHSA-2016:0174

access.redhat.com/security/cve/CVE-2015-7518

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1132659

bugzilla.redhat.com/show_bug.cgi?id=1215838

bugzilla.redhat.com/show_bug.cgi?id=1244130

bugzilla.redhat.com/show_bug.cgi?id=1259057

bugzilla.redhat.com/show_bug.cgi?id=1276911

bugzilla.redhat.com/show_bug.cgi?id=1279631

bugzilla.redhat.com/show_bug.cgi?id=1282539

bugzilla.redhat.com/show_bug.cgi?id=1285728

bugzilla.redhat.com/show_bug.cgi?id=1288855

bugzilla.redhat.com/show_bug.cgi?id=1300811

bugzilla.redhat.com/show_bug.cgi?id=1301812

rhn.redhat.com/errata/RHSA-2016-0174.html

EPSS

0.002

Percentile

60.3%

Related for VERACODE:11954

nvd1 cvelist1 nessus1 redhat1 cve1 prion1