CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-8634

A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 3.5

References

http://www.securityfocus.com/bid/94206
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8634
https://projects.theforeman.org/issues/17195
http://www.securityfocus.com/bid/94206
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8634
https://projects.theforeman.org/issues/17195

Products affected by CVE-2016-8634

Theforeman » Foreman » Version: 1.14.0

cpe:2.3:a:theforeman:foreman:1.14.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-8634

Products

Pricing

Contact Us