CVE-2014-3653
published 2015-07-06
Priority: P4 · 19 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.92% (77.3th percentile)
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| theforeman | foreman | <= 1.6.0 | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 MEDIUM
GHSA
GHSA-46hx-7mg5-6vx7: Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1
ghsa_unreviewed·2022-05-17
CVE-2014-3653 [MEDIUM] CWE-79 GHSA-46hx-7mg5-6vx7: Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1
Red Hat
foreman: cross-site scripting (XSS) flaw in template preview screen
vendor_redhat·2014-09-17·CVSS 4.3
CVE-2014-3653 [MEDIUM] CWE-79 foreman: cross-site scripting (XSS) flaw in template preview screen
A cross-site scripting (XSS) flaw was found in Foreman's template preview screen. A remote attacker could use this flaw to perform cross-site scripting attacks by tricking a user into viewing a malicious template. Note that templates are commonly shared among users.
Package: foreman (OpenStack Foreman) - Will not fix
Package: foreman (Red Hat OpenStack Platform 4) - Will not fix
No detection rules found.
No public exploits indexed.
http://projects.theforeman.org/issues/7483
http://theforeman.org/security.html#2014-3653
http://www.securityfocus.com/bid/70046
https://bugzilla.redhat.com/show_bug.cgi?id=1145398
Published: 2015-07-06