Vulnerability Description
Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | <= 1.12.1 |
Related Weaknesses (CWE)
References
- http://projects.theforeman.org/issues/16022 (Vendor Advisory)
- http://www.securityfocus.com/bid/92431 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHBA-2016:1885
- https://bugzilla.redhat.com/show_bug.cgi?id=1365785 (Issue Tracking)
- https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796 (Patch)
- https://theforeman.org/security.html#2016-6320 (Patch, Vendor Advisory)
FAQ
What is CVE-2016-6320?
CVE-2016-6320 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the net...
How severe is CVE-2016-6320?
CVE-2016-6320 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6320?
Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Foreman.