Actions
Bug #20963
closedCVE-2017-7535: stored XSS in the manage organization page
Description
Attempting to assign all hosts to an organization or location that contains HTML does not properly escape the html in the toast notification informing of success.
Setting priority to low since exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action.
Updated by The Foreman Bot over 7 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/4851 added
Updated by Daniel Lobato Garcia over 7 years ago
- Translation missing: en.field_release set to 240
Updated by Anonymous over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset b8db2f931208992d6bcff44a2d20101637f6c232.
Actions