exploitDog

CVE-2016-8639

Published: 12 May 2016
Source: redhat
CVSS3: 6.1
CVSS2: 4.9
EPSS: Low

Description

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

It was found that foreman is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.3 | foreman | Will not fix | | |
| Red Hat Satellite 6.3 for RHEL 7 | candlepin | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-discovery-image | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-installer | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-proxy | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-selinux | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | hiera | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | katello | Fixed | RHSA-2018:0336 | 21.02.2018 |

Additional information

Status: Moderate
Weakness: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1393291 foreman: Stored XSS via organization/location with HTML in name

EPSS: 0.00582 (Low), percentile: 68%
CVSS3: 6.1 Medium
CVSS2: 4.9 Medium

Related vulnerabilities

CVSS3: 6.1
nvd
more than 7 years ago

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

CVSS3: 6.1
debian
more than 7 years ago

It was found that foreman before 1.13.0 is vulnerable to a stored XSS ...

CVSS3: 5.4
github
more than 3 years ago

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
