CVE-2016-8639

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-8639

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8639.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-8639

Related

RHSA-2018:0336

Published

2018-08-01T13:29:00Z

Modified

2024-09-03T01:28:34.392562Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e2c7496eae353b3e63b53cfcee2bd6339cc0db92

Type: GIT
Repo: https://github.com/theforeman/foreman-installer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4302fbb011a58694a1721400c1cc98c159486915

Type: GIT
Repo: https://github.com/theforeman/smart-proxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0d90af6690a03d0ad1ff0ee84e7d0ec95df946db

Affected versions

0.*

0.1

0.1-1

0.1-2

0.1-3

0.1-4

0.1-5

0.1-6

0.2

0.2rc1

0.2rc2

0.3

0.3.1

0.4

0.4rc2

0.4rc3

0.4rc4

0.4rc5

1.*

1.0

1.0.1

1.0RC1

1.0RC2

1.0RC3

1.0RC4

1.0RC5

1.1

1.13.0-RC1

1.13.0-RC2

1.1RC1

1.1RC2

1.1RC3

1.1RC4

1.1RC5