Red Hat Bugzilla – Bug 1094642
CVE-2014-0208 foreman: XSS in key name auto-completion
Last modified: 2015-01-30 05:15:56 EST
Users can create malicious key names containing script tags. They are executed by other users via the autocomplete function when searching for keys.
This issue was discovered by Jan Hutař of Red Hat.
This issue is now public: http://theforeman.org/security.html#2014-0208
This issue was addressed in the following products:
Red Hat Satellite 6.0 at the time of GA.
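The class of flaw described in this bug, as an added example that is not part of the bug report and is not Foreman's code: a hypothetical autocomplete renderer that concatenates a stored key name into markup, next to a version that escapes each piece of the name before adding its own highlight tags. The function names and the sample key names are assumptions constructed for illustration.

```javascript
// Added example: hypothetical autocomplete renderer, not Foreman's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored key name is concatenated into markup as-is, so any
// tags another user saved in the name become part of the page.
function renderSuggestionUnsafe(keyName) {
  return '<li class="suggestion">' + keyName + '</li>';
}

// "After": split the name around the typed term, escape each piece on its
// own, and only then add the highlight markup the renderer itself controls.
// Escaping the whole string after highlighting would break the <strong> tag;
// highlighting an unescaped string would let stored markup through.
function renderSuggestionSafe(keyName, term) {
  const name = String(keyName);
  const idx = term ? name.toLowerCase().indexOf(term.toLowerCase()) : -1;
  if (idx === -1) {
    return '<li class="suggestion">' + escapeHtml(name) + '</li>';
  }
  const before = name.slice(0, idx);
  const match = name.slice(idx, idx + term.length);
  const after = name.slice(idx + term.length);
  return '<li class="suggestion">' + escapeHtml(before) +
    '<strong>' + escapeHtml(match) + '</strong>' + escapeHtml(after) + '</li>';
}

// Constructed sample data: key names as a search endpoint might return them.
const storedKeyNames = ['rhel-7-prod', 'dev<script>/*constructed*/</script>key'];

// Render the whole suggestion list for a typed term using the safe renderer.
function renderAll(term) {
  return storedKeyNames.map((n) => renderSuggestionSafe(n, term)).join('');
}
```

Where the UI does not need highlight markup, assigning the name through `textContent` instead of building an HTML string avoids the escaping step entirely.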