CVE-2014-3491

Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.
References
Link Resource
http://projects.theforeman.org/issues/5881 Exploit Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.5.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-07-01 16:55

Updated : 2024-02-04 18:35


NVD link : CVE-2014-3491

Mitre link : CVE-2014-3491

CVE.ORG link : CVE-2014-3491


JSON object : View

Products Affected

theforeman

  • foreman
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')