Project

General

Profile

Actions
Copy link

Bug #16019

closed

CVE-2016-6319 - Persistent XSS in job invocation form triggered by unescaped user input name

Added by Marek Hulán almost 8 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Marek Hulán
Category:
Foreman
Target version:
1.6.3
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

The value is used for label in job invocation form. The vulnerability/fix belongs to Foreman which stopped escaping the label since [1.6.0](https://github.com/theforeman/foreman/commit/2af7c64a3b9c2699a3131483bc2344b50c138542#diff-d07b3cdd6c00768e06bfed349d3c808fR157).

Related issues 1 (0 open1 closed)

Related to Foreman - Bug #16024: Foreman form helpers do not escape JS when rendering labelClosedMarek Hulán08/09/2016Actions
Actions
Copy link

Also available in: Atom PDF