Cross-Site Scripting (XSS)

2020-08-0400:49:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

58.7%

JSON

foreman is vulnerable to cross-site scripting. A remotely authenticated user is able to inject and execute arbitrary Javascript in another user’s browser via the bookmark name.

CPENameOperatorVersion
foreman-proxyeq1.3.0__5.el6sat
foreman-proxyeq1.3.0__3.el6sat
foreman-proxyeq1.6.0.8__1.el6sat
liquibaseeq2.0.3__7.el6_2
createrepoeq0.9.8__4.el6
createrepoeq0.9.8__5.1.el6_2
createrepoeq0.9.9__18.el6
createrepoeq0.9.9__17.el6
createrepoeq0.9.8__5.el6
jboss-parenteq6__12.el7

Name	Operator	Version
foreman-proxy	eq	1.3.0__5.el6sat
foreman-proxy	eq	1.3.0__3.el6sat
foreman-proxy	eq	1.6.0.8__1.el6sat
liquibase	eq	2.0.3__7.el6_2
createrepo	eq	0.9.8__4.el6
createrepo	eq	0.9.8__5.1.el6_2
createrepo	eq	0.9.9__18.el6
createrepo	eq	0.9.9__17.el6
createrepo	eq	0.9.8__5.el6
jboss-parent	eq	6__12.el7