Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "freeipa-admintools", "binary_version": "4.1.4-1" }, { "binary_name": "freeipa-client", "binary_version": "4.1.4-1" }, { "binary_name": "freeipa-client-dbgsym", "binary_version": "4.1.4-1" }, { "binary_name": "freeipa-server", "binary_version": "4.1.4-1" }, { "binary_name": "freeipa-server-dbgsym", "binary_version": "4.1.4-1" }, { "binary_name": "freeipa-server-trust-ad", "binary_version": "4.1.4-1" }, { "binary_name": "freeipa-server-trust-ad-dbgsym", "binary_version": "4.1.4-1" }, { "binary_name": "freeipa-tests", "binary_version": "4.1.4-1" }, { "binary_name": "python-freeipa", "binary_version": "4.1.4-1" }, { "binary_name": "python-freeipa-dbgsym", "binary_version": "4.1.4-1" } ] }