Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 17/12/2015 Updated: 12/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman prior to 1.10.0 allow remote malicious users to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.

Vulnerable Product	Search on Vulmon	Subscribe to Product
theforeman foreman

A stored cross-site scripting (XSS) flaw was found in the smart class parameters/variables field By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content into the web page that is used to view that data ...

CWE-79 http://www.openwall.com/lists/oss-security/2015/12/09/6 http://projects.theforeman.org/issues/12611 http://theforeman.org/security.html#2015-7518 https://access.redhat.com/errata/RHSA-2016:0174 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-7518

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-7518

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect