Tbrisker

**Name of the Vulnerable Software and Affected Versions** Foreman (affected versions not specified) **Description** The issue allows an attacker to perform a stored XSS attack by submitting facts containing HTML to the Foreman server. This can lead to exploitation on certain pages, including the Facts page when the chart button is clicked and the chart is hovered over, the Trends page when checking a graph for a trend based on such a fact, and the Statistics page for aggregated facts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.