Bug #16020: Reflective XSS in Smart Variables - Foreman

Actions

Copy link

Bug #16020

closed

Reflective XSS in Smart Variables

Added by Tomer Brisker over 8 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Tomer Brisker

Category:

Security

Target version:

1.12.2

Difficulty:

Triaged:

Bugzilla link:

1364025

Pull request:

https://github.com/theforeman/foreman/pull/3712

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1364025
Description of problem:
Build: Satellite 6.2 snap 21.2

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Go to Smart Classes
2. Create a new variable for any class.
3. Select Array as datatype and default value as <script>alert(1)</script>
4. Select Optional Input validator and select list with [<script>alert(1)</script>] value

Actual results:
The script is run by the browser and input is not sanitized.

Expected results:
The user input should be sanitized and proper error should be thrown

Additional info:

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #16020

Reflective XSS in Smart Variables

Updated by The Foreman Bot over 8 years ago

Updated by Tomer Brisker over 8 years ago

Updated by Tomer Brisker over 8 years ago

Updated by Daniel Lobato Garcia over 8 years ago

Updated by Anonymous over 8 years ago

Updated by Dominic Cleal over 8 years ago