CVE-2014-0089 — Cross-site Scripting in Foreman

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 39.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Foreman

Timeline

PublishedMar 27

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDtheforeman/foreman1.4.0, 1.4.1+1

Patches

Patch: projects.theforeman.org ↗Patch: projects.theforeman.org ↗

🔴Vulnerability Details

GHSA

GHSA-mh5h-8x3h-9w7c: Cross-site scripting (XSS) vulnerability in app/views/common/500↗2022-05-17

▶

CVEList

CVE-2014-0089: Cross-site scripting (XSS) vulnerability in app/views/common/500↗2014-03-27

▶

📋Vendor Advisories

Red Hat

Foreman: Stored Cross Site Scripting↗2014-03-24

▶

💬Community

Bugzilla

CVE-2014-0089 Foreman: Stored Cross Site Scripting↗2014-03-03

▶