Описание
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
Ссылки
- ExploitVendor Advisory
- Issue TrackingThird Party AdvisoryVDB Entry
- Vendor Advisory
- ExploitVendor Advisory
- Issue TrackingThird Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
Cross-site scripting (XSS) vulnerability in the search auto-completion ...
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2