Arbitrary Web Script Injection via label parameter in Foreman
CVE-2016-6319 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.
Learn more about our Web App Pen Testing.