Jan Hutaå

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.5.2 Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via the `operating system` (1) `name` or (2) `description`. Recommendations: For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.4 Description: A cross-site scripting (XSS) issue exists in the search auto-completion functionality, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted key name. Recommendations: For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue.