Katello: potential cross-site scripting exploit in ui
CVE-2024-4812
4.8 MEDIUM
Summary
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Risk change from: null to: 4.8 - (MEDIUM)
Vulnerability published.
Reported to Red Hat.
Collectors
NVD Database, Mitre Database