
Bug #4456

Updated by Dominic Cleal over 6 years ago

*PRIVATE, EMBARGOED BUG: CVE-2014-0089*

Description
Any user who has the privilege to add bookmarks could exploit this cross-site scripting vulnerability to expose other users' personal data by storing a malicious script when adding a bookmark. Because the script is stored permanently, every other user who visits /bookmarks to view the bookmarks is affected.

Severity: High

Affected URLs
http://$foreman/bookmarks

Steps
Add a bookmark with some script code (e.g. <script>alert('xss')</script>) set as its bookmark name
Access /bookmarks to view bookmarks

Result
The script will be executed.

Remedy advice
User inputs such as special characters must be validated, filtered or encoded before being returned as part of the HTML code of a page.
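The following is an added illustration of that advice, not Foreman's own code: a constructed bookmark list is rendered once without output encoding and once with ERB::Util.html_escape applied to every user-controlled field, plus an audit helper for finding already-stored names that contain markup.

```ruby
require 'erb'

# Constructed sample bookmarks; the second name carries the kind of
# payload the report describes (a hypothetical record, not real data).
SAMPLE_BOOKMARKS = [
  { name: 'Active hosts', query: 'status = ok', controller: 'hosts' },
  { name: "<script>alert('xss')</script>", query: 'name ~ web', controller: 'hosts' }
].freeze

# Vulnerable rendering (the "before" of the fix): the stored name is
# concatenated straight into the page, so a stored tag becomes live markup.
def render_bookmarks_unescaped(bookmarks)
  items = bookmarks.map { |b| "<li>#{b[:name]} (#{b[:controller]}: #{b[:query]})</li>" }
  "<ul>\n#{items.join("\n")}\n</ul>"
end

# Fixed rendering: every user-controlled field is HTML-encoded at output
# time. ERB::Util.html_escape is the helper behind Rails' h(); it turns
# < > & " ' into entities, so the browser shows the text instead of running it.
def render_bookmarks_escaped(bookmarks)
  items = bookmarks.map do |b|
    name  = ERB::Util.html_escape(b[:name])
    ctrl  = ERB::Util.html_escape(b[:controller])
    query = ERB::Util.html_escape(b[:query])
    "<li>#{name} (#{ctrl}: #{query})</li>"
  end
  "<ul>\n#{items.join("\n")}\n</ul>"
end

# Audit helper for data stored before the fix: returns bookmark names that
# contain angle brackets so an administrator can review them.
def suspicious_bookmark_names(bookmarks)
  bookmarks.map { |b| b[:name] }.select { |n| n.include?('<') || n.include?('>') }
end
```

Encoding at output time is the durable control; the audit helper only helps find records that were stored while the page was still vulnerable.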

Reference
CWE-931 - http://cwe.mitre.org/data/definitions/931.html

Affects
Foreman 1.4.0 and higher. Foreman 1.3 and older are unaffected; they correctly escape the message.
