CVE-2016-8639

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite_capsule:6.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-08-01 13:29

Updated : 2024-02-04 20:03


NVD link : CVE-2016-8639

Mitre link : CVE-2016-8639

CVE.ORG link : CVE-2016-8639


JSON object : View

Products Affected

redhat

  • satellite
  • satellite_capsule

theforeman

  • foreman
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')