Описание
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.
A flaw was found in foreman from versions 1.18. A stored cross-site sc ...
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2