Project

General

Custom queries

Profile

Actions
Copy link

Bug #16022

closed

CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form

Added by Dominic Cleal over 8 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Tomer Brisker
Category:
Security
Target version:
1.12.2
Difficulty:
Triaged:
Bugzilla link:
1421803
Pull request:
https://github.com/theforeman/foreman/pull/3714
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Network interface identifiers stored for hosts may contain HTML or JavaScript that allows a stored XSS (cross-site scripting) vulnerability when later viewing the host edit form.

This issue was reported by Sanket Jagtap.

CVE identifier will be assigned.

#1

Updated by The Foreman Bot over 8 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Tomer Brisker
  • Pull request https://github.com/theforeman/foreman/pull/3714 added
#2

Updated by Tomer Brisker over 8 years ago

  • Target version set to 1.7.1
#3

Updated by Anonymous over 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
#4

Updated by Dominic Cleal over 8 years ago

  • Subject changed from Network interface device identifiers may contain stored XSS on host form to CVE-2016-6320 - Network interface device identifiers may contain stored XSS on host form
#5

Updated by Daniel Lobato Garcia over 8 years ago

  • Target version changed from 1.7.1 to 1.6.2
#6

Updated by Daniel Lobato Garcia over 8 years ago

  • Target version changed from 1.6.2 to 1.7.1
#7

Updated by Ohad Levy about 8 years ago

  • Bugzilla link set to 1421803
Actions
Copy link

Also available in: Atom PDF