CVE-2016-8639

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-8639

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8639.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-8639

Downstream

RHSA-2018:0336

Published

2018-08-01T13:29:00.310Z

Modified

2026-02-22T01:12:11.562551Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

References

Affected packages

Git / github.com/theforeman/smart-proxy

Affected ranges

Type: GIT
Repo: https://github.com/theforeman/smart-proxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0d90af6690a03d0ad1ff0ee84e7d0ec95df946db

Affected versions

0.*

0.1

0.2

0.2rc2

0.3

0.3.1

1.*

1.0

1.0RC1

1.0RC2

1.1

1.13.0-RC1

1.13.0-RC2

1.1RC1

1.1RC2

1.1RC3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8639.json"