CVE-2016-8639
foreman: Stored XSS via organization/location with HTML in name
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
Se ha detectado que Foreman en versiones anteriores a la 1.13.0 es vulnerable a Cross-Site Scripting (XSS) persistente mediante un nombre de organización o ubicación. Esto podría permitir que un atacante con privilegios para establecer el nombre de organización o ubicación muestre HTML arbitrario, incluyendo código de scripting en la interfaz web.
It was found that foreman is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-12 CVE Reserved
- 2018-02-20 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/94263 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8639 | Issue Tracking | |
| https://github.com/theforeman/foreman/pull/3523 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0336 | 2023-11-07 | |
| https://projects.theforeman.org/issues/15037 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2016-8639 | 2018-02-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1393291 | 2018-02-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Theforeman Search vendor "Theforeman" | Foreman Search vendor "Theforeman" for product "Foreman" | < 1.13.0 Search vendor "Theforeman" for product "Foreman" and version " < 1.13.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 6.3 Search vendor "Redhat" for product "Satellite" and version "6.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Satellite Capsule Search vendor "Redhat" for product "Satellite Capsule" | 6.3 Search vendor "Redhat" for product "Satellite Capsule" and version "6.3" | - |
Affected
| ||||||