CVE-2014-3653

Published: 06/07/2015 Updated: 08/07/2015
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the template preview function in Foreman prior to 1.6.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted provisioning template.

Affected Products

Vendor | Product | Versions
Theforeman | Foreman | 1.6.0

Vendor Advisories

A cross-site scripting (XSS) flaw was found in Foreman's template preview screen. A remote attacker could use this flaw to perform cross-site scripting attacks by tricking a user into viewing a malicious template. Note that templates are commonly shared among users ...