
Bug #16022

CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form

Added by Dominic Cleal over 6 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Assignee: Tomer Brisker
Category: Security
Target version: 1.7.1
Bugzilla link: 1421803

Description

Network interface identifiers stored for hosts may contain HTML or JavaScript. The identifier is later rendered into the host edit form, so a user who is permitted to edit a host's interfaces can store markup that executes as a stored XSS (cross-site scripting) attack in the browser of any other user who subsequently views that host's edit form.

This issue was reported by Sanket Jagtap.

A CVE identifier was subsequently assigned: CVE-2016-6320 (see the subject change in history entry #4 below).
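To make the failure mode concrete, the following Ruby snippet is an added illustration and is not Foreman's own code or the fix from the linked pull request. It contrasts a form helper that interpolates a stored interface identifier straight into an input's value attribute with one that HTML-escapes it, and adds a heuristic that flags already-stored identifiers containing characters no real interface name needs. The sample identifier, the helper names and the field name are constructed for the example.

```ruby
require 'erb'

# Constructed sample: an interface identifier carrying markup, standing in for a
# value that a user with permission to edit a host's interfaces could store.
# This is an illustrative payload, not one taken from the advisory.
MALICIOUS_IDENTIFIER = %q{eth0"><script>alert(document.cookie)</script>}
BENIGN_IDENTIFIER    = 'bond0.100'

# Vulnerable pattern (illustrative): the stored identifier is dropped into the
# attribute unescaped, so the closing quote and angle brackets in the value end
# the attribute early and inject a <script> element into the form.
def render_identifier_unsafe(identifier)
  %Q{<input type="text" name="host[interfaces_attributes][0][identifier]" value="#{identifier}">}
end

# Hardened pattern: escape the value for an HTML attribute context before
# emitting it. ERB::Util.html_escape turns & < > " ' into entity references,
# so the browser sees a single text input whose value merely contains those
# characters.
def render_identifier_safe(identifier)
  escaped = ERB::Util.html_escape(identifier)
  %Q{<input type="text" name="host[interfaces_attributes][0][identifier]" value="#{escaped}">}
end

# Reviewer-side check: a rendered input must contain exactly one tag start
# (the <input> itself). Any further '<' followed by a letter or '/' means the
# stored value escaped the attribute context.
def breaks_out_of_attribute?(html)
  html.scan(%r{<[a-zA-Z/]}).length > 1
end

# Heuristic for hunting existing data (assumption, not a project rule): Linux
# interface names such as eth0, ens3, bond0.100 or eth0:1 only need letters,
# digits, '.', ':', '-' and '_'. Anything else in a stored identifier deserves
# a look before the fix is deployed.
def suspicious_identifier?(identifier)
  !identifier.match?(/\A[A-Za-z0-9._:-]+\z/)
end

# Walk a batch of stored identifiers and return the ones to investigate.
def flag_suspicious(identifiers)
  identifiers.select { |id| suspicious_identifier?(id) }
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe:  #{render_identifier_unsafe(MALICIOUS_IDENTIFIER)}"
  puts "safe:    #{render_identifier_safe(MALICIOUS_IDENTIFIER)}"
  puts "flagged: #{flag_suspicious([BENIGN_IDENTIFIER, MALICIOUS_IDENTIFIER]).inspect}"
end
```

In a Rails view `<%= %>` already escapes by default; this class of bug usually enters through `raw`, `.html_safe`, or string-built markup in a helper, so the review check above is the thing to run against whatever code path produces the form field, not against templates in general.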

Associated revisions

Revision 53081ea1 (diff)
Added by Tomer Brisker over 6 years ago

Fixes #16022 - Prevent stored XSS in host interface form

The host interface form may contain a stored XSS in the identifier field
allowing a user allowed to edit a host's interfaces to cause code
execution by another user viewing that host's edit form.

Revision 2ab766fa (diff)
Added by Tomer Brisker over 6 years ago

Fixes #16022 - Prevent stored XSS in host interface form

The host interface form may contain a stored XSS in the identifier field
allowing a user allowed to edit a host's interfaces to cause code
execution by another user viewing that host's edit form.

(cherry picked from commit 53081ea14b30d66f0d67b62fe950a2c1463225f5)

History

#1 Updated by The Foreman Bot over 6 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Tomer Brisker
  • Pull request https://github.com/theforeman/foreman/pull/3714 added

#2 Updated by Tomer Brisker over 6 years ago

  • Target version set to 1.7.1

#3 Updated by Anonymous over 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Dominic Cleal over 6 years ago

  • Subject changed from Network interface device identifiers may contain stored XSS on host form to CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form

#5 Updated by Daniel Lobato Garcia over 6 years ago

  • Target version changed from 1.7.1 to 1.6.2

#6 Updated by Daniel Lobato Garcia over 6 years ago

  • Target version changed from 1.6.2 to 1.7.1

#7 Updated by Ohad Levy about 6 years ago

  • Bugzilla link set to 1421803
