Bug #16019: CVE-2016-6319 - Persistent XSS in job invocation form triggered by unescaped user input name - Foreman Remote Execution - Foreman

Actions

Bug #16019

closed

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Foreman

Target version:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

The value is used for label in job invocation form. The vulnerability/fix belongs to Foreman which stopped escaping the label since [1.6.0](https://github.com/theforeman/foreman/commit/2af7c64a3b9c2699a3131483bc2344b50c138542#diff-d07b3cdd6c00768e06bfed349d3c808fR157).

Related issues 1 (0 open — 1 closed)

Related to Bug #16024: Foreman form helpers do not escape JS when rendering label added

Subject changed from Persistent XSS in job invocation form triggered by unescaped user input name to CVE-2016-6319 - Persistent XSS in job invocation form triggered by unescaped user input name
Status changed from New to Ready For Testing

Actions

Also available in: Atom PDF