cvedb.io
CVE-2016-8613
MEDIUM · CVSS 6.4
EPSS exploitation probability: 0%
Published 2018-07-31T20:29:00.277 · Last modified 2026-06-17T00:54:36.303

Summary

A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTML or JavaScript to run in the user's browser. The output of the job is stored, making this a stored XSS vulnerability.

Affected products

theforeman — foreman

Does this affect you?

Add your gear to cvedb and we'll alert you only when theforeman ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.