Foreman CVE-2018-14664 Multiple HTML Injection Vulnerabilities

Foreman is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.


Bugtraq ID: 106553
Class: Input Validation Error
CVE: CVE-2018-14664

Remote: Yes
Local: No
Published: Oct 10 2019 12:00AM
Updated: Oct 10 2019 12:00AM
Credit: Sanket Jagtap (Red Hat Pune India).
Vulnerable: Red Hat Satellite 6
Foreman Foreman 1.18

Not Vulnerable: Foreman Foreman 1.20
Foreman Foreman 1.19.1
Foreman Foreman 1.18.3


Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.
