Vulnerabilities > Theforeman > Katello > 1.4.9.1

DATE CVE VULNERABILITY TITLE RISK
2019-01-13 CVE-2018-16887 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) flaw was found in the katello component of Satellite.
network
low complexity
redhat theforeman CWE-79
5.4
5.4
2018-07-27 CVE-2016-9595 Link Following vulnerability in multiple products
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files.
local
low complexity
theforeman redhat CWE-59
5.5
5.5