CVE-2016-8639

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-8639

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8639.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-8639

Downstream

RHSA-2018:0336

Published

2018-08-01T13:29:00Z

Modified

2025-11-06T18:55:47.339734Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

References

Affected packages

Git

github.com/theforeman/foreman

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e2c7496eae353b3e63b53cfcee2bd6339cc0db92

Affected versions

0.*

0.1

0.1-1

0.1-2

0.1-3

0.1-4

0.1-5

0.1-6

0.2

0.2rc1

0.3

0.4

0.4rc2

0.4rc3

0.4rc4

0.4rc5

1.*

1.0

1.0RC1

1.0RC2

1.0RC3

1.0RC4

1.0RC5

1.1

1.13.0-RC1

1.13.0-RC2

1.1RC1

1.1RC2

1.1RC3

1.1RC4

1.1RC5

github.com/theforeman/foreman-installer

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/foreman-installer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4302fbb011a58694a1721400c1cc98c159486915

Affected versions

1.*

1.0.1

1.13.0-RC1

1.13.0-RC2

github.com/theforeman/smart-proxy

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/smart-proxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0d90af6690a03d0ad1ff0ee84e7d0ec95df946db

Affected versions

0.*

0.1

0.2

0.2rc2

0.3

0.3.1

1.*

1.0

1.0RC1

1.0RC2

1.1

1.13.0-RC1

1.13.0-RC2

1.1RC1

1.1RC2

1.1RC3