Main Vulnerability Database SB2018101405

SB2018101405 - Stored cross-site scripting in Foreman

Published: October 14, 2018 Updated: June 21, 2023

Security Bulletin ID SB2018101405

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Stored cross-site scripting (CVE-ID: CVE-2018-14664)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Install update from vendor's website.

SB2018101405 - Stored cross-site scripting in Foreman

Breakdown by Severity

Description

Remediation

References

Please verify you're human