CVE-2016-6319

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-6319

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6319.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-6319

Downstream

RHSA-2018:0336

Published

2016-08-19T21:59:14Z

Modified

2025-11-07T05:58:00.767449Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

References

Affected packages

Git

github.com/theforeman/foreman

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0f35fe14acf0d0d3b55e9337bc5e2b9640ff2372

Affected versions

0.*

0.1

0.1-1

0.1-2

0.1-3

0.1-4

0.1-5

0.1-6

0.2

0.2rc1

0.3

0.4

0.4rc2

0.4rc3

0.4rc4

0.4rc5

1.*

1.0

1.0RC1

1.0RC2

1.0RC3

1.0RC4

1.0RC5

1.1

1.1RC1

1.1RC2

1.1RC3

1.1RC4

1.1RC5

github.com/theforeman/foreman-installer

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman-installer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

github.com/theforeman/smart-proxy

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/smart-proxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected