PT-2018-8400 · Foreman · Foreman

Tomer Brisker · Published 2018-07-26 · Updated 2019-10-09 · CVE-2017-7535

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Foreman versions prior to 1.16.0

Description

The issue allows stored XSS in the assignment of organizations/locations to hosts. It can be exploited when a user assigns hosts to an organization whose name contains HTML; the name is visible to the user before they take the action.

Recommendations

For versions prior to 1.16.0, update to version 1.16.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to assign hosts to organizations with HTML in their names until a patch is available.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2017-7535

Affected Products

Foreman