CVE-2014-3491

Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.
References
Link Resource
http://projects.theforeman.org/issues/5881 Exploit Patch
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:theforeman:foreman:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.2:*:*:*:*:*:*:*

Information

Published : 2014-07-01 09:55

Updated : 2014-07-02 10:45


NVD link : CVE-2014-3491

Mitre link : CVE-2014-3491


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

theforeman

  • foreman