N/A

An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Foreman 跨站脚本漏洞

Foreman是一套用于物理和虚拟服务器中的生命周期管理工具。该工具提供服务开通、配置管理以及报告状态等功能。 Foreman存在跨站脚本漏洞。攻击者利用该漏洞执行跨站脚本攻击。

N/A

N/A