A cross-site scripting vulnerability was found in foreman in pages where facts are submitted through insertion of HTML in its name or value.
This issue affects the versions of foreman as shipped with Red Hat Satellite version 6 and Ceph Storage version 1.3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue has been addressed in the following products:
Red Hat Satellite 6.4 for RHEL 7
Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927