CVE-2015-7518

Опубликовано: 26 нояб. 2015

Источник: redhat

CVSS2: 3.5

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.

A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
OpenStack Foreman	foreman	Will not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer	foreman	Will not fix
Red Hat Satellite 6.1	candlepin	Fixed	RHSA-2016:0174	15.02.2016
Red Hat Satellite 6.1	foreman	Fixed	RHSA-2016:0174	15.02.2016
Red Hat Satellite 6.1	katello-installer-base	Fixed	RHSA-2016:0174	15.02.2016
Red Hat Satellite 6.1	pulp	Fixed	RHSA-2016:0174	15.02.2016
Red Hat Satellite 6.1	pulp-puppet	Fixed	RHSA-2016:0174	15.02.2016
Red Hat Satellite 6.1	pulp-rpm	Fixed	RHSA-2016:0174	15.02.2016
Red Hat Satellite 6.1	python-kombu	Fixed	RHSA-2016:0174	15.02.2016
Red Hat Satellite 6.1	ruby193-rubygem-fog	Fixed	RHSA-2016:0174	15.02.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1285728foreman: Stored XSS vulnerability in smart class parameters/variables

EPSS

Процентиль: 49%

0.00256

Низкий

3.5 Low

CVSS2

Связанные уязвимости

CVE-2015-7518

nvd

около 10 лет назад

CVE-2015-7518

debian

около 10 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in information pop ...

GHSA-cr73-cpqp-v63j

github

больше 3 лет назад

EPSS

Процентиль: 49%

0.00256

Низкий

3.5 Low

CVSS2