CVE-2016-8613

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-8613

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8613.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-8613

Related

RHSA-2018:0336

Published

2018-07-31T20:29:00Z

Modified

2024-10-12T02:15:56.958082Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1b42244629952d3444263e9d15993c4c1082ac80

Type: GIT
Repo: https://github.com/theforeman/foreman-installer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

555ab4a2b636f56d3efe0d0911395ead4152d62b

Type: GIT
Repo: https://github.com/theforeman/smart-proxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

bbb47d4d983bc5dff6d86d77ac4b5ce6934c2fa7

Affected versions

0.*

0.1

0.1-1

0.1-2

0.1-3

0.1-4

0.1-5

0.1-6

0.2

0.2rc1

0.2rc2

0.3

0.3.1

0.4

0.4rc2

0.4rc3

0.4rc4

0.4rc5

1.*

1.0

1.0.1

1.0RC1

1.0RC2

1.0RC3

1.0RC4

1.0RC5

1.1

1.1RC1

1.1RC2

1.1RC3

1.1RC4

1.1RC5

1.5.0

1.5.0-RC1

1.5.0-RC2

1.5.1