Project

General

Profile

Actions

Bug #16022

closed

CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form

Added by Dominic Cleal about 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Network interface identifiers stored for hosts may contain HTML or JavaScript that allows a stored XSS (cross-site scripting) vulnerability when later viewing the host edit form.

This issue was reported by Sanket Jagtap.

CVE identifier will be assigned.

Actions #1

Updated by The Foreman Bot about 8 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Tomer Brisker
  • Pull request https://github.com/theforeman/foreman/pull/3714 added
Actions #2

Updated by Tomer Brisker about 8 years ago

  • Target version set to 1.7.1
Actions #3

Updated by Anonymous about 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #4

Updated by Dominic Cleal about 8 years ago

  • Subject changed from Network interface device identifiers may contain stored XSS on host form to CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form
Actions #5

Updated by Daniel Lobato Garcia about 8 years ago

  • Target version changed from 1.7.1 to 1.6.2
Actions #6

Updated by Daniel Lobato Garcia about 8 years ago

  • Target version changed from 1.6.2 to 1.7.1
Actions #7

Updated by Ohad Levy over 7 years ago

  • Bugzilla link set to 1421803
Actions

Also available in: Atom PDF