Arbitrary Web Script Injection via label parameter in Foreman

Arbitrary Web Script Injection via label parameter in Foreman

CVE-2016-6319 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

Learn more about our Web App Pen Testing.