Unrated severityNVD Advisory· Published Aug 1, 2018· Updated Aug 6, 2024

CVE-2016-8639

Description

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

Affected products

The Foreman Project/Foremanv5
Range: 1.13.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2018:0336mitrevendor-advisoryx_refsource_REDHAT
www.securityfocus.com/bid/94263mitrevdb-entryx_refsource_BID
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
github.com/theforeman/foreman/pull/3523mitrex_refsource_CONFIRM
projects.theforeman.org/issues/15037mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000