oss-sec mailing list archives
CVE-2016-8634: Foreman stored XSS in orgs/locations wizard step
From: Dominic Cleal <dominic () cleal org>
Date: Wed, 9 Nov 2016 13:28:53 +0000
CVE-2016-8634: Foreman organization/location wizard may run stored XSS in name

When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard will render the HTML. This occurs in the alert box on the page. This may permit a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL.

Mitigation: restrict permissions to organization and location creation, and don't follow untrusted links to Foreman.

This issue was reported by Sanket Jagtap.

Affects Foreman 1.1 and higher.

Fix due to be released in Foreman 1.14.0.

Patch: https://github.com/theforeman/foreman/commit/5a573456b5ecb3ba0d24e057722704f9afeda8f7

More information:
https://theforeman.org/security.html#2016-8634
http://projects.theforeman.org/issues/17195
https://theforeman.org

-- 
Dominic Cleal
dominic () cleal org
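The defect described above is the classic case of a user-controlled string (the organization/location name) being interpolated into page markup without escaping, so the browser parses any tags it contains. The following Ruby snippet is an added illustration, not code from Foreman or from the linked patch: it uses a deliberately simplified alert-rendering helper (the real wizard view is a Rails template) to place the unescaped pattern beside the escaped one, using `ERB::Util.html_escape`, which is what Rails' `h` helper calls. The sample name is constructed for the example; `unsafe_alert`, `safe_alert` and `contains_raw_markup?` are hypothetical names.

```ruby
require 'erb'

# Constructed sample name containing HTML markup, the class of input the advisory
# describes (an organization name is free text controlled by whoever may create one).
SAMPLE_NAME = 'Acme <b>Corp</b>'

# Unescaped pattern: the name is dropped straight into the alert markup, so any tags
# in it are rendered by the browser. This mirrors the behaviour the advisory describes.
def unsafe_alert(name)
  "<div class=\"alert alert-info\">Organization #{name} was created.</div>"
end

# Escaped pattern: the name is HTML-escaped before interpolation, so '<', '>', '&',
# '"' and "'" become entities and the name is displayed as literal text.
def safe_alert(name)
  escaped = ERB::Util.html_escape(name)
  "<div class=\"alert alert-info\">Organization #{escaped} was created.</div>"
end

# A cheap regression check for a view test: if the name carried angle brackets and the
# rendered output still contains the name verbatim, the markup reached the page unescaped.
def contains_raw_markup?(rendered, name)
  return false unless name.match?(/[<>]/)

  rendered.include?(name)
end

if __FILE__ == $PROGRAM_NAME
  puts unsafe_alert(SAMPLE_NAME)  # tags survive into the markup
  puts safe_alert(SAMPLE_NAME)    # tags are rendered as &lt;b&gt; ... &lt;/b&gt;
end
```

In a Rails view, `<%= name %>` already escapes; the unescaped form typically arises when a message is built with string interpolation and then marked trusted with `html_safe` or `raw`, or when the alert text is assembled outside the template. Reviewing for those calls on any path that carries the organization or location name is the practical way to confirm the fix in a deployment.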