| Vulnerability Name: | CVE-2016-8639 (CCN-148069) | ||||||||||||
| Assigned: | 2016-11-06 | ||||||||||||
| Published: | 2016-11-06 | ||||||||||||
| Updated: | 2019-10-09 | ||||||||||||
| Summary: | It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface. | ||||||||||||
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-8639 Source: CCN Type: Foreman Web site Foreman Source: BID Type: Third Party Advisory, VDB Entry 94263 Source: CCN Type: BID-94263 Foreman CVE-2016-8639 Multiple HTML Injection Vulnerabilities Source: REDHAT Type: Third Party Advisory RHSA-2018:0336 Source: CCN Type: Red Hat Bugzilla Bug 1393291 (CVE-2016-8639) CVE-2016-8639 foreman: Stored XSS via organization/location with HTML in name Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639 Source: XF Type: UNKNOWN foreman-cve20168639-xss(148069) Source: CONFIRM Type: Third Party Advisory https://github.com/theforeman/foreman/pull/3523 Source: CONFIRM Type: Vendor Advisory https://projects.theforeman.org/issues/15037 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||