CVE-2015-7518 — Cross-site Scripting in Foreman

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 51.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Foreman

Timeline

PublishedDec 17

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDtheforeman/foreman1.9.3

🔴Vulnerability Details

GHSA

GHSA-cr73-cpqp-v63j: Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1↗2022-05-17

▶

CVEList

CVE-2015-7518: Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1↗2015-12-17

▶

📋Vendor Advisories

Red Hat

foreman: Stored XSS vulnerability in smart class parameters/variables↗2015-11-26

▶

💬Community

Bugzilla

CVE-2015-7518 foreman: Stored XSS vulnerability in smart class parameters/variables↗2015-11-26

▶