CVE-2014-3531
published 2017-10-18
CVE-2014-3531: Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the…
Priority P4 · 22 · medium · 5.4 CVSS 3.0
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS 1.17% (63.5th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| theforeman | foreman | <= 1.5.1 | — |
CVSS provenance
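| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vendor_redhat | — | 5.4 | MEDIUM | — |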
GHSA
GHSA-fvgq-9cr6-84mj: Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1
ghsa_unreviewed·2022-05-17
CVE-2014-3531 [MEDIUM] CWE-79 GHSA-fvgq-9cr6-84mj: Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1
Red Hat
foreman: XSS with operating system name/description
vendor_redhat·2014-07-11·CVSS 5.4
CVE-2014-3531 [MEDIUM] CWE-79 foreman: XSS with operating system name/description
Statement: This issue was fixed in current releases of foreman on Satellite 6.
Package: foreman (OpenStack Foreman) - Not affected
Package: ruby193-foreman (Red Hat OpenStack Platform 3) - Will not fix
Package: foreman (Red Hat OpenStack Platform 4) - Will not fix
No detection rules found.
No public exploits indexed.
http://projects.theforeman.org/issues/6580
https://bugzilla.redhat.com/show_bug.cgi?id=1108745
https://github.com/theforeman/foreman/pull/1580
https://theforeman.org/security.html#2014-3531