CVE-2016-8639
Last modified
CVE-2016-8639 is a vulnerability of currently unknown severity. It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.. EPSS estimates a 1.16% chance of exploitation in the next 30 days.
Description
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | < 1.13.0 |
| Redhat | Satellite | 6.3 |
| Redhat | Satellite Capsule | 6.3 |
References
- http://www.securityfocus.com/bid/94263Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2018:0336Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639Issue Tracking, Third Party Advisory
- https://github.com/theforeman/foreman/pull/3523Third Party Advisory
- https://projects.theforeman.org/issues/15037Vendor Advisory
- http://www.securityfocus.com/bid/94263Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2018:0336Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639Issue Tracking, Third Party Advisory
- https://github.com/theforeman/foreman/pull/3523Third Party Advisory
- https://projects.theforeman.org/issues/15037Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-8639?
How severe is CVE-2016-8639?
How do I fix CVE-2016-8639?
Are you affected by CVE-2016-8639?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST