Project

General

Profile

Actions
Copy link

Bug #16022

closed

CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form

Added by Dominic Cleal almost 10 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Tomer Brisker
Category:
Security
Target version:
1.12.2
Difficulty:
Triaged:
Bugzilla link:
1421803
Pull request:
https://github.com/theforeman/foreman/pull/3714
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Network interface identifiers stored for hosts may contain HTML or JavaScript that allows a stored XSS (cross-site scripting) vulnerability when later viewing the host edit form.

This issue was reported by Sanket Jagtap.

CVE identifier will be assigned.

Actions
Copy link
 #1

Updated by The Foreman Bot almost 10 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Tomer Brisker
  • Pull request https://github.com/theforeman/foreman/pull/3714 added
Actions
Copy link
 #2

Updated by Tomer Brisker almost 10 years ago

  • Target version set to 1.7.1
Actions
Copy link
 #3

Updated by Anonymous over 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link
 #4

Updated by Dominic Cleal over 9 years ago

  • Subject changed from Network interface device identifiers may contain stored XSS on host form to CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form
Actions
Copy link
 #5

Updated by Daniel Lobato Garcia over 9 years ago

  • Target version changed from 1.7.1 to 1.6.2
Actions
Copy link
 #6

Updated by Daniel Lobato Garcia over 9 years ago

  • Target version changed from 1.6.2 to 1.7.1
Actions
Copy link
 #7

Updated by Ohad Levy about 9 years ago

  • Bugzilla link set to 1421803
Actions
Copy link

Also available in: Atom PDF