Stored XSS Vulnerability in Foreman 1.16.0: Organizations/Locations Assignment to Hosts

Stored XSS Vulnerability in Foreman 1.16.0: Organizations/Locations Assignment to Hosts

CVE-2017-7535 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action.

Learn more about our User Device Pen Test.