Vulnerability Details CVE-2018-14664
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.4%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://www.securityfocus.com/bid/106553
- https://access.redhat.com/errata/RHSA-2019:1222
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14664
- https://projects.theforeman.org/issues/25169
- http://www.securityfocus.com/bid/106553
- https://access.redhat.com/errata/RHSA-2019:1222
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14664
- https://projects.theforeman.org/issues/25169
Products affected by CVE-2018-14664
-
cpe:2.3:a:theforeman:foreman:1.18.0