Project

General

Profile

Actions

Bug #17066

closed

CVE-2016-8613 - XSS in live output

Added by Ivan Necas over 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Foreman
Target version:
Fixed in Releases:
Found in Releases:

Description

Missed escaping in live output can allow XSS, when the execution code produces a valid HTML/JavaScript code.

Actions #1

Updated by The Foreman Bot over 7 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman_remote_execution/pull/208 added
Actions #2

Updated by Ivan Necas over 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #3

Updated by Ivan Necas over 7 years ago

  • Bugzilla link set to 1388202
Actions

Also available in: Atom PDF