Red Hat · Katello · CVE-2014-3712
**Name of the Vulnerable Software and Affected Versions**
Katello (affected versions not specified)
**Description**
The issue allows remote attackers to cause a denial of service, specifically memory consumption, through two vulnerable parameters:
- the `mode` parameter in the `setup_utils` function in `content_search_controller.rb`,
- the `action` parameter in the `respond` function in `api/api_controller.rb` in `app/controllers/katello/`.
These parameters are passed to the `to_sym` method.
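The pattern behind both parameters, shown next to an allowlist-based replacement. This is an added example, not Katello code: the method names, the `ALLOWED_MODES` values and the default are hypothetical. Ruby versions before 2.2 never garbage-collect symbols, so every distinct request value passed to `to_sym` stays in memory for the life of the process.

```ruby
# Added illustration; not taken from Katello. Names and values are hypothetical.

# Fixed set of accepted values, mapped to symbols once at load time.
ALLOWED_MODES = %w[all shared unique].freeze
MODE_SYMBOLS  = ALLOWED_MODES.map { |m| [m, m.to_sym] }.to_h.freeze

# Pattern described in the advisory: the request value is interned as-is,
# so each distinct value adds a new entry to the symbol table.
def unsafe_mode(params)
  params[:mode].to_sym
end

# Hardened form: the request value is only ever used as a String key into
# a frozen table. Unknown or non-String input falls back to the default,
# and no symbol is created from request data.
def safe_mode(params, default: :all)
  value = params[:mode]
  return default unless value.is_a?(String)
  MODE_SYMBOLS.fetch(value, default)
end

# Helper for checking whether a name is currently in the symbol table.
def symbol_interned?(name)
  Symbol.all_symbols.any? { |s| s.to_s == name }
end

if __FILE__ == $PROGRAM_NAME
  junk = "constructed_" + "value_1"            # constructed sample input
  puts safe_mode({ mode: "shared" }).inspect   # known value is accepted
  puts safe_mode({ mode: junk }).inspect       # unknown value -> default
  puts symbol_interned?(junk)                  # table unchanged by safe_mode
  kept = unsafe_mode({ mode: junk })           # interns the request value
  puts symbol_interned?(junk)
  puts kept.inspect
end
```

The same lookup applies to the `action` parameter: build the table from the actions the controller actually responds to and reject anything else before it reaches `to_sym`.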
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.