Project

General

Profile

Bug #17066

CVE-2016-8613 - XSS in live output

Added by Ivan Necas over 2 years ago. Updated 9 months ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Foreman
Target version:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Missed escaping in live output can allow XSS, when the execution code produces a valid HTML/JavaScript code.

Associated revisions

Revision a8a97129 (diff)
Added by Ivan Necas over 2 years ago

Fixes #17066 - escape the life output properly

History

#1 Updated by The Foreman Bot over 2 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman_remote_execution/pull/208 added

#2 Updated by Ivan Necas over 2 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#3 Updated by Ivan Necas over 2 years ago

  • Bugzilla link set to 1388202

Also available in: Atom PDF