CVE-2016-6320Cross-site Scripting in Foreman

CWE-79Cross-site Scripting5 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 42.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Theforeman Foreman
Timeline
PublishedAug 19
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVDtheforeman/foreman1.12.1

Patches

Patch: github.comPatch: theforeman.orgPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-q7gw-xhj8-rjh9: Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces2022-05-14
CVEList
CVE-2016-6320: Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces2016-08-19

📋Vendor Advisories

1
Red Hat
satellite6: stored XSS while provisioning new host2016-08-10

💬Community

1
Bugzilla
CVE-2016-6320 satellite6: stored XSS while provisioning new host2016-08-10
CVE-2016-6320 — Cross-site Scripting in Foreman | cvebase