Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in Foreman from version 1.18. A stored cross-site scripting vulnerability exists due to improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.
CVSS Information
N/A
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
Foreman cross-site scripting vulnerability
Vulnerability Description
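Foreman is a lifecycle management tool for physical and virtual servers. It provides provisioning, configuration management, and status reporting. A cross-site scripting vulnerability exists in Foreman 1.18 and later versions because the program does not properly escape HTML code in the breadcrumbs bar. A remote attacker can exploit this vulnerability by editing the attribute used in the breadcrumbs bar to store code, which is then executed on the client side.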
CVSS Information
N/A
Vulnerability Type
N/A