VYPR
Unrated severityNVD Advisory· Published Jun 5, 2024· Updated Nov 20, 2025

Katello: potential cross-site scripting exploit in ui

CVE-2024-4812

Description

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.