Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.
References
Link | Resource |
---|---|
http://projects.theforeman.org/issues/5881 | Exploit Patch |
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-07-01 09:55
Updated : 2014-07-02 10:45
NVD link : CVE-2014-3491
Mitre link : CVE-2014-3491
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
theforeman
- foreman