Published: 31/07/2018 Updated: 12/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
theforeman foreman 1.5.1

A flaw was found in foreman 151 The remote execution plugin runs commands on hosts over SSH from the Foreman web UI When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser The output of the job is stored, making this a stored ...

CWE-79 https://projects.theforeman.org/issues/17066/https://github.com/theforeman/foreman_remote_execution/pull/208 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8613 http://www.securityfocus.com/bid/93859 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2016-8613

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-8613

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect