Jan Hutař of Red Hat reports: There is a XSS possible in discovery rule when you are entering filter and you use autocomplete functionality Version-Release number of selected component (if applicable): satellite-6.3.0-18.0.beta.el7sat.noarch
Created redmine issue http://projects.theforeman.org/issues/22042 from this bug
Created attachment 1482812 [details] Verified XSS
This issue has been addressed in the following products: Red Hat Satellite 6.4 for RHEL 7 Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927