CVE-2014-3653

Опубликовано: 06 июл. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

Ссылки

http://projects.theforeman.org/issues/7483
Exploit
Vendor Advisory
http://theforeman.org/security.html#2014-3653
Vendor Advisory
http://www.securityfocus.com/bid/70046
https://bugzilla.redhat.com/show_bug.cgi?id=1145398
http://projects.theforeman.org/issues/7483
Exploit
Vendor Advisory
http://theforeman.org/security.html#2014-3653
Vendor Advisory
http://www.securityfocus.com/bid/70046
https://bugzilla.redhat.com/show_bug.cgi?id=1145398

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Версия до 1.6.0 (включая)

EPSS

Процентиль: 59%

0.00389

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2014-3653

redhat

больше 11 лет назад

Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-3653

debian

больше 10 лет назад

Cross-site scripting (XSS) vulnerability in the template preview funct ...

GHSA-46hx-7mg5-6vx7

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

EPSS

Процентиль: 59%

0.00389

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79