Описание
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1094642foreman: XSS in key name auto-completion
4.3 Medium
CVSS2
Связанные уязвимости
CVSS3: 5.4
nvd
больше 8 лет назад
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
CVSS3: 5.4
debian
больше 8 лет назад
Cross-site scripting (XSS) vulnerability in the search auto-completion ...
CVSS3: 5.4
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
4.3 Medium
CVSS2