CVE-2015-5282
published 2017-09-25CVE-2015-5282: Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
PriorityP422medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
0.99%
58.2th percentile
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
| theforeman | foreman | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat6.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-75rp-c7cc-g6jh: Cross-site scripting (XSS) vulnerability in Foreman 1
ghsa_unreviewed·2022-05-17
CVE-2015-5282 [MEDIUM] CWE-79 GHSA-75rp-c7cc-g6jh: Cross-site scripting (XSS) vulnerability in Foreman 1
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
Red Hat
foreman: XSS in hidden parameter value switcher
vendor_redhat·2015-09-17·CVSS 6.1
CVE-2015-5282 [MEDIUM] CWE-79 foreman: XSS in hidden parameter value switcher
foreman: XSS in hidden parameter value switcher
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
Statement: This issue affects the versions of foreman as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: foreman (OpenStack Foreman) - Will not fix
Package: foreman (Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer) - Will not fix
No detection rules found.
No public exploits indexed.
http://projects.theforeman.org/issues/11859http://www.openwall.com/lists/oss-security/2015/09/21/3https://bugzilla.redhat.com/show_bug.cgi?id=1264221https://github.com/theforeman/foreman/commit/4f3555b217be8723e8045f9816d147b5f684ec57https://theforeman.org/security.html#2015-5282http://projects.theforeman.org/issues/11859http://www.openwall.com/lists/oss-security/2015/09/21/3https://bugzilla.redhat.com/show_bug.cgi?id=1264221https://github.com/theforeman/foreman/commit/4f3555b217be8723e8045f9816d147b5f684ec57https://theforeman.org/security.html#2015-5282
2017-09-25
Published