CVE-2016-6320
published 2016-08-19
CVE-2016-6320: Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject…
Priority P423 · medium · 5.4 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS 0.94% (56.3th percentile)
Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| theforeman | foreman | <= 1.12.1 | — |
CVSS provenance
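| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vendor_redhat | — | 5.4 | MEDIUM | — |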
Red Hat
satellite6: stored XSS while provisioning new host
vendor_redhat·2016-08-10·CVSS 5.4
CVE-2016-6320 [MEDIUM] CWE-79 satellite6: stored XSS while provisioning new host
A cross-site scripting (XSS) flaw was found in the "Device Identifier" field of the new host provisioning components of Red Hat Satellite. A user able to create a new host could exploit this flaw to perform XSS attacks against other Satellite users.
GHSA
GHSA-q7gw-xhj8-rjh9: Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces
ghsa_unreviewed·2022-05-14
CVE-2016-6320 [MEDIUM] CWE-79 GHSA-q7gw-xhj8-rjh9: Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces
No detection rules found.
No public exploits indexed.
http://projects.theforeman.org/issues/16022
http://www.securityfocus.com/bid/92431
https://access.redhat.com/errata/RHBA-2016:1885
https://bugzilla.redhat.com/show_bug.cgi?id=1365785
https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0
https://theforeman.org/security.html#2016-6320