CVE-2016-6319

Published: Aug 19, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2018:0336

vendor-advisory

x_refsource_REDHAT

https://github.com/theforeman/foreman/commit/0f35fe14acf0d0d3b55e9337bc5e2b9640ff2372

x_refsource_CONFIRM

http://projects.theforeman.org/issues/16024

x_refsource_CONFIRM

92429

vdb-entry

x_refsource_BID

http://projects.theforeman.org/issues/16019

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1365815

x_refsource_CONFIRM

https://theforeman.org/security.html#2016-6319

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-6319

Description

Affected Products

References