foreman is vulnerable to cross-site scripting. A remotely authenticated user is able to inject and execute arbitrary Javascript in another user’s browser via the bookmark name.
projects.theforeman.org/issues/4456
secunia.com/advisories/57575
theforeman.org/security.html
access.redhat.com/documentation/en-US/Red_Hat_Satellite/
access.redhat.com/errata/RHEA-2014:1175
access.redhat.com/security/cve/CVE-2014-0089
access.redhat.com/site/documentation/
bugzilla.redhat.com/show_bug.cgi?id=1071741