Red Hat Bugzilla – Bug 1108745
CVE-2014-3531 foreman: XSS with operating system name/description
Last modified: 2016-04-26 11:27:20 EDT
It was found  that Red Hat Satellite 6 WebUI has a bug which allows an authenticated user to perform an XSS attack.
This issue is now public:
This issue was fixed in current releases of foreman on Satellite 6.