PT-2018-8400 · Foreman · Foreman
Tomer Brisker · Published 2018-07-26 · Updated 2019-10-09 · CVE-2017-7535
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Foreman versions prior to 1.16.0
Description
The issue allows for a stored XSS in organizations/locations assignment to hosts. This can be exploited when a user assigns hosts to an organization with HTML in its name, which is visible to the user before taking action.
Recommendations
For versions prior to 1.16.0, update to version 1.16.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to assign hosts to organizations with HTML in their names until a patch is available.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Foreman