A cross-site scripting (XSS) flaw was reported in Foreman's template preview screen. If a user were tricked into viewing a malicious template, it would lead to cross-site scripting attacks. Note that templates are commonly shared among users. This issue was reported in version 1.6.0; however, older versions may also be vulnerable.
Upstream fix: https://github.com/theforeman/foreman/pull/1778
References: http://projects.theforeman.org/issues/7483
Created attachment 983028: 43cc21bbc1a402d18c3462b38443b6bb86ab8097.patch
Created attachment 983029: 86b1f2f50be2b3a2350c5969da47dc15e8a8664a.patch
This issue has been addressed in the following products: Red Hat Satellite 6.1, via RHSA-2015:1591 https://access.redhat.com/errata/RHSA-2015:1591
This issue has been addressed in the following products: Red Hat Satellite 6.1, via RHSA-2015:1592 https://access.redhat.com/errata/RHSA-2015:1592