VDB

CVE-2016-8613

CVE-2016-8613 PUBLISHED CVSS 6.4 MEDIUM

Reported by redhat · Published July 31, 2018

A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability.

Risk Scores

CVSS 3.0
6.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
The Foreman Projectforeman1.5.1
The Foreman Projectforeman1.5.1, 1.5.1

Timeline

  • Jul 31, 2018 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 13, 2022 CVE Updated
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 3, 2023 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Feb 13, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score

References

  • x_refsource_CONFIRM
  • x_refsource_CONFIRM
  • 93859 vdb-entryx_refsource_BID
  • x_refsource_CONFIRM
Open in Interactive Console →
$ Console Community · 100/wk Open console ›