A cross-site scripting vulnerability was found in foreman in pages where facts are submitted through insertion of HTML in its name or value.
Upstream bug:
http://projects.theforeman.org/issues/21519
Statement:
This issue affects the versions of foreman as shipped with Red Hat Satellite version 6 and Ceph Storage version 1.3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.