Bug 1388202 - CVE-2016-8613 - XSS in live output
Summary: CVE-2016-8613 - XSS in live output
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Remote Execution
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Unspecified
Assignee: Ivan Necas
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: CVE-2016-8613
 
Reported: 2016-10-24 18:01 UTC by Ivan Necas
Modified: 2016-11-28 18:33 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-28 18:33:23 UTC
Target Upstream Version:




Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 17066 0 None None None 2016-10-24 18:01:25 UTC

Description Ivan Necas 2016-10-24 18:01:23 UTC
Missed escaping in live output can allow XSS when the execution code produces valid HTML/JavaScript code.

Comment 1 Ivan Necas 2016-10-24 18:01:28 UTC
Created from Redmine issue http://projects.theforeman.org/issues/17066

Comment 2 Ivan Necas 2016-10-24 18:01:33 UTC
Upstream bug assigned to inecas

Comment 4 Kurt Seifried 2016-11-28 18:33:23 UTC
Fixing in 6.4 GA https://bugzilla.redhat.com/show_bug.cgi?id=1399326

