A vulnerability was found in foreman. When creating an organization or location in Foreman, if the name
contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page.
This may permit a stored XSS attack if an organization/location with HTML in the name is created, then a user is linked directly to this URL.
Name: Sanket Jagtap (Red Hat)