CVE-2017-15100

Name of the Vulnerable Software and Affected Versions Foreman (affected versions not specified)

Description The issue allows an attacker to perform a stored XSS attack by submitting facts containing HTML to the Foreman server. This can lead to exploitation on certain pages, including the Facts page when the chart button is clicked and the chart is hovered over, the Trends page when checking a graph for a trend based on such a fact, and the Statistics page for aggregated facts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.