Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-8639

It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.

Published

2018-08-01T13:29:00.310

Last Modified

2024-11-21T02:59:44.487

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	theforeman	foreman	< 1.13.0	Yes
Application	redhat	satellite	6.3	Yes
Application	redhat	satellite_capsule	6.3	Yes

References

http://www.securityfocus.com/bid/94263 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2018:0336 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/theforeman/foreman/pull/3523 Third Party Advisory ([email protected])
https://projects.theforeman.org/issues/15037 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/94263 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0336 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/theforeman/foreman/pull/3523 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://projects.theforeman.org/issues/15037 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)