Project

General

Profile

Actions
Copy link

Bug #25182

closed

CVE-2018-16887 - XSS on Subscription/Repositories pages

Added by Amir Fefer over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Amir Fefer
Category:
Security
Target version:
Katello 3.9.0
Difficulty:
Triaged:
Yes
Bugzilla link:
1662179
Pull request:
https://github.com/Katello/katello/pull/7757
Fixed in Releases:
Found in Releases:
Katello 3.7.1
Red Hat JIRA:

Description

How to reproduce:
1. Create org with <b> org </b> name
2. Pick Any org on the mast head
3. Go to Subscription page
4, Choose the <b> org </b> organization from the selector
5. Once the page loads, check out the org selector in top left, it's bold

Related issues 1 (0 open1 closed)

Related to Katello - Bug #22568: RH repos XUI: page crashes when in Any contextClosedAmir FeferActions
Actions
Copy link
 #1

Updated by The Foreman Bot over 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/7757 added
Actions
Copy link
 #2

Updated by Amir Fefer over 6 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #3

Updated by Michael Johnson over 6 years ago

  • Target version set to Katello 3.9.0
Actions
Copy link
 #4

Updated by Michael Johnson over 6 years ago

  • Triaged changed from No to Yes
Actions
Copy link
 #5

Updated by Tomer Brisker over 6 years ago

  • Bugzilla link set to 1662179
Actions
Copy link
 #6

Updated by Tomer Brisker over 6 years ago

  • Related to Bug #22568: RH repos XUI: page crashes when in Any context added
Actions
Copy link
 #7

Updated by Tomer Brisker over 6 years ago

  • Subject changed from XSS on Subscription/Repositories pages to CVE-2018-16887 - XSS on Subscription/Repositories pages
  • Found in Releases Katello 3.7.1 added
Actions
Copy link

Also available in: Atom PDF