CVE-2017-15100
published 2017-11-27CVE-2017-15100: An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foreman_project | foreman | — | — |
| redhat | satellite | — | — |
| redhat | satellite_capsule | — | — |
| theforeman | foreman | < 1.16.0 | 1.16.0 |