Vulnerabilities > Theforeman > Foreman > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-10 | CVE-2016-7077 | Information Exposure vulnerability in Theforeman Foreman. Foreman before 1.14.0 is vulnerable to an information leak. | 4.3 |
2018-08-01 | CVE-2016-8639 | Cross-site Scripting vulnerability in multiple products. It was found that Foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. | 5.4 |
2018-08-01 | CVE-2016-8634 | Unspecified vulnerability in Theforeman Foreman 1.14.0. A vulnerability was found in Foreman 1.14.0. | 5.4 |
2018-07-31 | CVE-2016-8613 | Unspecified vulnerability in Theforeman Foreman 1.5.1. A flaw was found in Foreman 1.5.1. | 6.1 |
2018-07-26 | CVE-2017-7535 | Cross-site Scripting vulnerability in Theforeman Foreman. Foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. | 6.1 |
2018-04-05 | CVE-2018-1096 | SQL Injection vulnerability in multiple products. An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. | 6.5 |
2017-11-27 | CVE-2017-15100 | An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on such a fact; (3) Statistics page, for facts that are aggregated on this page. | 6.1 |
2017-10-18 | CVE-2014-3531 | Cross-site Scripting vulnerability in Theforeman Foreman. Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description. | 5.4 |
2017-10-16 | CVE-2014-0208 | Cross-site Scripting vulnerability in Theforeman Foreman. Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name. | 5.4 |
2017-09-25 | CVE-2015-5282 | Cross-site Scripting vulnerability in Theforeman Foreman. Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. | 6.1 |