Stored Cross-Site Scripting Vulnerability in Foreman 1.18

Stored Cross-Site Scripting Vulnerability in Foreman 1.18

CVE-2018-14664 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.

Learn more about our User Device Pen Test.