CVE-2014-0089
published 2014-03-27
Priority P417 medium 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.89% (77.0th percentile)
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
CVSS provenance
nvd·v2.0·4.3·MEDIUM·AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat·4.3·MEDIUM
VulDB
Theforeman Foreman 1.4.0/1.4.1 cross site scripting (Issue 4456 / SA57575)
vuldb·2026-05-09·CVSS 4.3
CVE-2014-0089 [MEDIUM] Theforeman Foreman 1.4.0/1.4.1 cross site scripting (Issue 4456 / SA57575)
A vulnerability identified as problematic has been detected in Theforeman Foreman 1.4.0/1.4.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2014-0089. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
GHSA
GHSA-mh5h-8x3h-9w7c: Cross-site scripting (XSS) vulnerability in app/views/common/500
ghsa_unreviewed·2022-05-17
CVE-2014-0089 [MEDIUM] CWE-79 GHSA-mh5h-8x3h-9w7c: Cross-site scripting (XSS) vulnerability in app/views/common/500
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Red Hat
Foreman: Stored Cross Site Scripting
vendor_redhat·2014-03-24·CVSS 4.3
CVE-2014-0089 [MEDIUM] CWE-79 Foreman: Stored Cross Site Scripting
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Statement: Not vulnerable. This issue did not affect the versions of foreman as shipped with Red Hat Enterprise Linux OpenStack Platform 3 or 4.
Package: ruby193-foreman (Red Hat OpenStack Platform 3) - Not affected
Package: foreman (Red Hat OpenStack Platform 4) - Not affected
No detection rules found.
No public exploits indexed.
http://projects.theforeman.org/issues/4456
http://secunia.com/advisories/57575
http://theforeman.org/security.html
https://bugzilla.redhat.com/show_bug.cgi?id=1071741