Description
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on such a fact; (3) Statistics page, for facts that are aggregated on this page.
Report
This issue affects the versions of foreman as shipped with Red Hat Satellite version 6 and Ceph Storage version 1.3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.3 | foreman | Will not fix | | |
| Red Hat Satellite 6.4 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | candlepin | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | createrepo_c | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman-installer | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman-proxy | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | foreman-selinux | Fixed | RHSA-2018:2927 | 16.10.2018 |
| Red Hat Satellite 6.4 for RHEL 7 | gofer | Fixed | RHSA-2018:2927 | 16.10.2018 |
Additional information
Status:
EPSS:
CVSS3: 6.1 Medium