Bug #16022: CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form - Foreman

Actions

Copy link

Bug #16022

closed

CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form

Added by Dominic Cleal over 8 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Tomer Brisker

Category:

Security

Target version:

1.12.2

Difficulty:

Triaged:

Bugzilla link:

1421803

Pull request:

https://github.com/theforeman/foreman/pull/3714

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Network interface identifiers stored for hosts may contain HTML or JavaScript that allows a stored XSS (cross-site scripting) vulnerability when later viewing the host edit form.

This issue was reported by Sanket Jagtap.

CVE identifier will be assigned.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #16022

CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form

Updated by The Foreman Bot over 8 years ago

Updated by Tomer Brisker over 8 years ago

Updated by Anonymous over 8 years ago

Updated by Dominic Cleal over 8 years ago

Updated by Daniel Lobato Garcia over 8 years ago

Updated by Daniel Lobato Garcia over 8 years ago

Updated by Ohad Levy about 8 years ago