CVE-2016-8639

Name of the Vulnerable Software and Affected Versions Foreman versions prior to 1.13.0

Description A stored XSS issue was found, allowing an attacker with privileges to set an organization or location name to display arbitrary HTML, including scripting code, within the web interface.

Recommendations For versions prior to 1.13.0, update to version 1.13.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to set organization or location names to trusted users only until a patch is applied.