Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-6319

Опубликовано: 09 авг. 2016
Источник: redhat
CVSS3: 6.1
CVSS2: 4.9
EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

It was found that foreman is vulnerable to a stored XSS via a job template with a malformed name. This could allow an attacker with privileges to set the name in a template to display arbitrary HTML including scripting code within the web interface.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 1.3foremanWill not fix
Red Hat Satellite 6.3 for RHEL 7candlepinFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foremanFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foreman-bootloaders-redhatFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foreman-discovery-imageFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foreman-installerFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foreman-proxyFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7foreman-selinuxFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7hieraFixedRHSA-2018:033621.02.2018
Red Hat Satellite 6.3 for RHEL 7katelloFixedRHSA-2018:033621.02.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1365815foreman: Persistent XSS in Foreman remote execution plugin

EPSS

Процентиль: 72%
0.00734
Низкий

6.1 Medium

CVSS3

4.9 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2016-6319

CVSS3: 6.1
nvd
больше 9 лет назад

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

debian логотип

CVE-2016-6319

CVSS3: 6.1
debian
больше 9 лет назад

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...

github логотип

GHSA-63pc-xj3r-v6f8

CVSS3: 6.1
github
больше 3 лет назад

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

EPSS

Процентиль: 72%
0.00734
Низкий

6.1 Medium

CVSS3

4.9 Medium

CVSS2