Vulnerabilities > Theforeman > Foreman > 1.4.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-26 | CVE-2017-7535 | Cross-site Scripting vulnerability in Theforeman Foreman foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. | 6.1 |
| 2018-06-21 | CVE-2017-2672 | Improper Privilege Management vulnerability in multiple products A flaw was found in foreman before version 1.15 in the logging of adding and registering images. | 8.8 |
| 2018-04-16 | CVE-2016-9593 | Credentials Management vulnerability in multiple products foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. | 8.8 |
| 2018-04-05 | CVE-2018-1096 | SQL Injection vulnerability in multiple products An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. | 6.5 |
| 2018-04-04 | CVE-2018-1097 | A flaw was found in foreman before 1.16.1. | 8.8 |
| 2017-11-27 | CVE-2017-15100 | An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page. | 6.1 |
| 2017-10-18 | CVE-2014-3531 | Cross-site Scripting vulnerability in Theforeman Foreman Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description. | 5.4 |
| 2017-07-17 | CVE-2015-5152 | Information Exposure vulnerability in Theforeman Foreman Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. | 8.1 |
| 2016-08-19 | CVE-2016-6320 | Cross-site Scripting vulnerability in Theforeman Foreman Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form. | 5.4 |
| 2016-08-19 | CVE-2016-6319 | Cross-site Scripting vulnerability in Theforeman Foreman Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter. | 6.1 |