Users can create malicious key names containing script tags. They are executed by other users via the autocomplete function when searching for keys.
This issue was discovered by Jan Hutař of Red Hat.
This issue is now public http://theforeman.org/security.html#2014-0208
This issue was addressed in the following products:
Red Hat Satellite 6.0
at the time of GA.