Actions
Bug #6580
closed
CVE-2014-3531 - XSS in operating system name / description
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Description
Reported by Jan HutaĆ via RHBZ:
There is a possible XSS with operating system name/description.
Version-Release number of selected component (if applicable):
Satellite-6.0.3-RHEL-6-20140605.0
How reproducible:
always
Steps to Reproduce:
1. Go to Hosts -> Operating systems -> Create new operating system
2. Fill "Name: T<b>OD</b>O" in
- OR -
Fill some "Name" and "Description: T<b>OD</b>O" in
3. Submit
Actual results:
In a list of operating systems unescaped string is displayed
Expected results:
HTML should be escaped
Updated by Dominic Cleal over 10 years ago
- Subject changed from XSS in operating system name / description to CVE-2014-3531 - XSS in operating system name / description
Updated by Daniel Lobato Garcia over 10 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/1580 added
- Pull request deleted (
)
Updated by Daniel Lobato Garcia over 10 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 98e584f5a7860fb92a9916d5e5ec524372e3f8ae.
Updated by The Foreman Bot over 10 years ago
- Status changed from Closed to Ready For Testing
Updated by Dominic Cleal over 10 years ago
- Status changed from Ready For Testing to Closed
Updated by Dominic Cleal over 10 years ago
Fix released today in Foreman 1.5.2. Details posted on http://theforeman.org/security.html#2014-3531.
Actions