Lucene search

RedhatCVELIST:CVE-2017-7535

HistoryJul 26, 2018 - 1:00 p.m.

CVE-2017-7535

2018-07-2613:00:00

CWE-79

redhat

www.cve.org

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.2%

JSON

foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action.

CNA Affected

[
  {
    "product": "foreman",
    "vendor": "Foreman",
    "versions": [
      {
        "status": "affected",
        "version": "1.16.0"
      }
    ]
  }
]

References

seclists.org/oss-sec/2017/q3/521

www.securityfocus.com/bid/99604

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7535

projects.theforeman.org/issues/20963

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.2%

JSON

Related for CVELIST:CVE-2017-7535