CVE-2014-0089
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0039 (0.4%)
Percentil: 60.0%
EPSS: 2026-05-06
Afecta
theforeman:foremanDescripción técnica
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Publicada: 27/3/2014, 16:55:05
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://projects.theforeman.org/issues/4456
- http://secunia.com/advisories/57575
- http://theforeman.org/security.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1071741
- http://projects.theforeman.org/issues/4456
- http://secunia.com/advisories/57575
- http://theforeman.org/security.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1071741