Stored Cross-Site Scripting Vulnerability in Foreman Remote Execution Plugin by The Foreman
CVE-2016-8613

6.4MEDIUM

Key Information:

Vendor

The Foreman Project

Status
Foreman
Vendor
CVE Published:
31 July 2018

What is CVE-2016-8613?

A vulnerability exists in the Foreman Remote Execution Plugin where the results of commands executed over SSH are displayed in the Foreman web UI. If a job includes HTML tags, the output is not properly escaped, allowing an attacker to inject malicious HTML or JavaScript. This stored XSS vulnerability could be exploited to execute arbitrary scripts in the context of the user's browser, potentially leading to significant security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

foreman 1.5.1

References

https://projects.theforeman.org/issues/17066/
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93859
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.