CVE-2016-6320: Foreman stored XSS in network interface device identifiers

[Dominic Cleal <dominic () cleal org>]

CVE-2016-6320: Foreman stored XSS in network interface device identifiers

Network interface identifiers stored for hosts may contain HTML or
JavaScript that allows a stored XSS (cross-site scripting) vulnerability
when later viewing the host edit form, which contains detail on each
stored network interface.

This issue was reported by Sanket Jagtap.

Affects Foreman 1.8.0 and higher
Fix released in Foreman 1.12.2

Patch:
https://github.com/theforeman/foreman/commit/53081ea14b30d66f0d67b62fe950a2c1463225f5

More information:
https://theforeman.org/security.html#2016-6320
http://projects.theforeman.org/issues/16022
https://theforeman.org

-- 
Dominic Cleal
dominic () cleal org

Attachment: signature.asc
Description: OpenPGP digital signature