CVE-2014-0208

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.4

Description: A cross-site scripting (XSS) issue exists in the search auto-completion functionality, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted key name.

Recommendations: For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue.