Actions
Bug #16022
closedCVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Description
Network interface identifiers stored for hosts may contain HTML or JavaScript that allows a stored XSS (cross-site scripting) vulnerability when later viewing the host edit form.
This issue was reported by Sanket Jagtap.
CVE identifier will be assigned.
Updated by The Foreman Bot about 8 years ago
- Status changed from New to Ready For Testing
- Assignee set to Tomer Brisker
- Pull request https://github.com/theforeman/foreman/pull/3714 added
Updated by Anonymous about 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 53081ea14b30d66f0d67b62fe950a2c1463225f5.
Updated by Dominic Cleal about 8 years ago
- Subject changed from Network interface device identifiers may contain stored XSS on host form to CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form
Updated by Daniel Lobato Garcia about 8 years ago
- Target version changed from 1.7.1 to 1.6.2
Updated by Daniel Lobato Garcia about 8 years ago
- Target version changed from 1.6.2 to 1.7.1
Actions