A stored cross-site scripting (XSS) flaw was found in the way input was escaped in the "Device Identifier" field when creating a new host in the Satellite web UI.
Acknowledgments: Name: Sanket Jagtap (Red Hat)
Upstream issue: http://projects.theforeman.org/issues/16022 Upstream patch: https://github.com/theforeman/foreman/pull/3714
This issue was addressed in: Satellite 6.2 In RHBA-2016:1885
*** Bug 1421803 has been marked as a duplicate of this bug. ***