CVE-2014-0089

Foreman <1.4.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.

References (4)

[Exploit, Patch] http://projects.theforeman.org/issues/4456

[Vendor Advisory] http://secunia.com/advisories/57575

[Vendor Advisory] http://theforeman.org/security.html

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1071741

Scores

EPSS 0.0039

EPSS Percentile 59.7%

Details

CWE

CWE-79

Status published

Products (3)

theforeman/foreman

n/a/n/a

Published Mar 27, 2014

Tracked Since Feb 18, 2026