Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
CVSS Score
5.4
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | <= 1.5.1 |
Related Weaknesses (CWE)
References
- http://projects.theforeman.org/issues/6580PatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1108745Issue TrackingThird Party Advisory
- https://github.com/theforeman/foreman/pull/1580Third Party Advisory
- https://theforeman.org/security.html#2014-3531Vendor Advisory
- http://projects.theforeman.org/issues/6580PatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1108745Issue TrackingThird Party Advisory
- https://github.com/theforeman/foreman/pull/1580Third Party Advisory
- https://theforeman.org/security.html#2014-3531Vendor Advisory
FAQ
What is CVE-2014-3531?
CVE-2014-3531 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description...
How severe is CVE-2014-3531?
CVE-2014-3531 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3531?
Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Foreman.