| Vulnerability Name: | CVE-2015-5282 (CCN-106666) |
| Assigned: | 2015-09-21 |
| Published: | 2015-09-21 |
| Updated: | 2017-09-29 |
| Summary: | Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
|
| CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) |
| | 5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C) |
| Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): Required |
| Scope: | Scope (S): Changed |
| Impact Metrics: | Confidentiality (C): Low; Integrity (I): Low; Availability (A): None |
| CVSS v3 Severity (CCN): | 6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) |
| | 5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C) |
| Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): Required |
| Scope: | Scope (S): Changed |
| Impact Metrics: | Confidentiality (C): Low; Integrity (I): Low; Availability (A): None |
|
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) |
| Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None |
| Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
| CVSS v2 Severity (CCN): | 5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N) |
| Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): Single_Instance |
| Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): None |
|
| Vulnerability Type: | CWE-79
|
| Vulnerability Consequences: | Cross-Site Scripting |
| References: | Source: MITRE Type: CNA CVE-2015-5282
Source: CCN Type: theforeman Web site CVE-2015-5282 - Parameter hide/show checkbox allows stored XSS during textbox change
Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory http://projects.theforeman.org/issues/11859
Source: CCN Type: oss-sec Mailing List, Mon, 21 Sep 2015 11:18:33 +0100 CVE-2015-5282: Foreman stored XSS in parameter hide checkbox
Source: MLIST Type: Mailing List, Patch, Third Party Advisory [oss-security] 20150921 CVE-2015-5282: Foreman stored XSS in parameter hide checkbox
Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=1264221
Source: XF Type: UNKNOWN foreman-cve20155282-xss(106666)
Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory https://github.com/theforeman/foreman/commit/4f3555b217be8723e8045f9816d147b5f684ec57
Source: CONFIRM Type: Patch, Vendor Advisory https://theforeman.org/security.html#2015-5282
Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-5282
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:theforeman:foreman:1.7.0:-:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.7.1:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.7.2:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.7.3:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.7.4:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.7.5:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.8.0:-:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.8.1:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.8.2:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.8.3:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.8.4:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.9.0:-:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.9.1:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.9.2:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.9.3:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.10.0:-:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.10.1:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.10.2:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.10.3:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.10.4:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.11.0:-:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.11.1:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.11.2:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.11.3:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.11.4:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.12.0:-:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.12.1:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.12.2:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.12.3:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.12.4:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.13.0:-:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.13.1:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.13.2:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.13.3:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.13.4:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.14.0:-:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.14.1:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.14.2:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.14.3:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.15.0:-:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.15.1:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.15.2:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.15.3:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.15.4:*:*:*:*:*:*:* OR
cpe:/a:theforeman:foreman:1.16.0:-:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:theforeman:foreman:1.7.0:-:*:*:*:*:*:*
|
theforeman foreman 1.7.0
theforeman foreman 1.7.1
theforeman foreman 1.7.2
theforeman foreman 1.7.3
theforeman foreman 1.7.4
theforeman foreman 1.7.5
theforeman foreman 1.8.0
theforeman foreman 1.8.1
theforeman foreman 1.8.2
theforeman foreman 1.8.3
theforeman foreman 1.8.4
theforeman foreman 1.9.0
theforeman foreman 1.9.1
theforeman foreman 1.9.2
theforeman foreman 1.9.3
theforeman foreman 1.10.0
theforeman foreman 1.10.1
theforeman foreman 1.10.2
theforeman foreman 1.10.3
theforeman foreman 1.10.4
theforeman foreman 1.11.0
theforeman foreman 1.11.1
theforeman foreman 1.11.2
theforeman foreman 1.11.3
theforeman foreman 1.11.4
theforeman foreman 1.12.0
theforeman foreman 1.12.1
theforeman foreman 1.12.2
theforeman foreman 1.12.3
theforeman foreman 1.12.4
theforeman foreman 1.13.0
theforeman foreman 1.13.1
theforeman foreman 1.13.2
theforeman foreman 1.13.3
theforeman foreman 1.13.4
theforeman foreman 1.14.0
theforeman foreman 1.14.1
theforeman foreman 1.14.2
theforeman foreman 1.14.3
theforeman foreman 1.15.0
theforeman foreman 1.15.1
theforeman foreman 1.15.2
theforeman foreman 1.15.3
theforeman foreman 1.15.4
theforeman foreman 1.16.0
theforeman foreman 1.7.0 -