Keqin Hong

**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.4.2 **Description** The issue allows remote attackers to hijack web sessions. This is achieved via the session id cookie. **Recommendations** For versions prior to 1.4.2, update to version 1.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and sessions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Foreman versions 1.4.x through 1.4.1 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark. **Recommendations** For Foreman versions 1.4.x through 1.4.1, update to version 1.4.2 to resolve the issue.