Stored XSS Vulnerability in Foreman by The Foreman Projects
CVE-2017-15100

6.1MEDIUM

Key Information:

Vendor

Foreman Project

Status
Foreman
Vendor
CVE Published:
27 November 2017

What is CVE-2017-15100?

An attacker can exploit a stored XSS vulnerability in Foreman by submitting malicious HTML content to the server. This vulnerability can be triggered on specific pages such as the Facts page, where hovering over charts can execute the malicious script, as well as on the Trends and Statistics pages when displaying aggregated facts. Proper validation and filtering of user inputs are essential to mitigate this issue.

Affected Version(s)

Foreman 1.2 and later, a fix is planned for 1.16.0

References

https://github.com/theforeman/foreman/pull/4967
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2927
vendor-advisoryx_refsource_REDHAT
http://projects.theforeman.org/issues/21519
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.