Описание
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.
Ссылки
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:katello_project:katello:-:*:*:*:*:foreman:*:*
cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00108
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
redhat
больше 1 года назад
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.
CVSS3: 4.8
github
больше 1 года назад
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.
EPSS
Процентиль: 30%
0.00108
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79