oss-sec mailing list archives
CVE-2016-6320: Foreman stored XSS in network interface device identifiers
From: Dominic Cleal <dominic () cleal org>
Date: Wed, 24 Aug 2016 14:08:39 +0100
CVE-2016-6320: Foreman stored XSS in network interface device identifiers

Network interface identifiers stored for hosts may contain HTML or JavaScript that allows a stored XSS (cross-site scripting) vulnerability when later viewing the host edit form, which contains detail on each stored network interface.

This issue was reported by Sanket Jagtap.

Affects Foreman 1.8.0 and higher
Fix released in Foreman 1.12.2

Patch:
https://github.com/theforeman/foreman/commit/53081ea14b30d66f0d67b62fe950a2c1463225f5

More information:
https://theforeman.org/security.html#2016-6320
http://projects.theforeman.org/issues/16022
https://theforeman.org

-- 
Dominic Cleal
dominic () cleal org
Attachment:
signature.asc
Description: OpenPGP digital signature
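
The class of bug described in the advisory above, as an added example that is not part of the original message and is not Foreman's code or its patch: a stored interface identifier written into a form unescaped, beside the same row with output escaping, plus an audit helper for stored values. All method names, the row markup and the sample data are assumptions made up for this illustration.

```ruby
require "erb"

# Constructed sample data: identifiers as they might be stored for a host's
# interfaces. The second value carries a harmless HTML marker, not a device name.
INTERFACES = [
  { identifier: "eth0", mac: "52:54:00:aa:bb:01" },
  { identifier: %q(eth1"><em>injected</em>), mac: "52:54:00:aa:bb:02" },
].freeze

# Unsafe pattern (hypothetical template): the stored value is concatenated
# into the markup unchanged, so it can close the attribute and add elements.
def render_row_unescaped(nic)
  %(<input name="identifier" value="#{nic[:identifier]}"> <span>#{nic[:mac]}</span>)
end

# Hardened pattern: every stored value is HTML-escaped at output time.
def render_row_escaped(nic)
  h = ERB::Util.method(:html_escape)
  %(<input name="identifier" value="#{h.call(nic[:identifier])}"> <span>#{h.call(nic[:mac])}</span>)
end

# Audit helper: stored identifiers that contain HTML metacharacters and
# therefore deserve review in an existing database.
def suspicious_identifiers(nics)
  nics.map { |n| n[:identifier] }.select { |id| id.match?(/[<>"'&]/) }
end

# True when the rendered row contains an element other than the two the
# template itself emits (input, span).
def injects_markup?(html)
  tags = html.scan(/<\s*([a-zA-Z]+)/).flatten.map(&:downcase)
  tags.any? { |t| !%w[input span].include?(t) }
end

if __FILE__ == $PROGRAM_NAME
  INTERFACES.each do |nic|
    puts "unescaped injects markup: #{injects_markup?(render_row_unescaped(nic))}"
    puts "escaped injects markup:   #{injects_markup?(render_row_escaped(nic))}"
  end
  puts "review these stored values: #{suspicious_identifiers(INTERFACES).inspect}"
end
```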