CVE-2016-8639

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-8639

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8639.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-8639

Downstream

RHSA-2018:0336

Published

2018-08-01T13:29:00.310Z

Modified

2026-03-20T11:15:31.668454Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

References

Affected packages

Git / github.com/theforeman/foreman

Affected ranges

Type

GIT

Repo

https://github.com/theforeman/foreman

Events

Introduced

Fixed

e2c7496eae353b3e63b53cfcee2bd6339cc0db92

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.13.0"
        }
    ]
}

Affected versions

0.*

0.1

0.1-1

0.1-2

0.1-3

0.1-4

0.1-5

0.1-6

0.2

0.2rc1

0.3

0.4

0.4rc2

0.4rc3

0.4rc4

0.4rc5

1.*

1.0

1.0RC1

1.0RC2

1.0RC3

1.0RC4

1.0RC5

1.1

1.13.0-RC1

1.13.0-RC2

1.1RC1

1.1RC2

1.1RC3

1.1RC4

1.1RC5

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.3"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8639.json"