CVE-2016-8639

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
5.4MEDIUM
EPSS
0.6%
top 31.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Theforeman ForemanTHE Foreman Project ForemanRedhat Satellite+1 more
Timeline
PublishedAug 1
Latest updateMay 13

Description

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

NVDtheforeman/foreman< 1.13.0
CVEListV5the_foreman_project/foreman1.13.0

🔴Vulnerability Details

2
GHSA
GHSA-mwqr-rg79-hjrr: It was found that foreman before 12022-05-13
CVEList
CVE-2016-8639: It was found that foreman before 12018-08-01

📋Vendor Advisories

1
Red Hat
foreman: Stored XSS via organization/location with HTML in name2016-05-12

💬Community

1
Bugzilla
CVE-2016-8639 foreman: Stored XSS via organization/location with HTML in name2016-11-09