I don't think this has any security implications, but in future, please treat HTML escaping issues as having a potential security (XSS) impact and allow us to evaluate them first.
Ideal procedure is to mark the bug as private for the security team and for Foreman issues, e-mail email@example.com (http://theforeman.org/security.html). We'll check it out and then handle appropriately. Thanks.
Created redmine issue http://projects.theforeman.org/issues/6858 from this bug
Upstream bug component is Provisioning
Upstream bug component is Settings
Moving to POST since upstream bug http://projects.theforeman.org/issues/6858 has been closed
Applied in changeset commit:e108822a1a3ab567ea17d733754ccc9c9447dc8a.
Created attachment 1162621 [details]
HTML tags properly escaped when updating parameter under settings tab.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.