Vulnerabilities > Theforeman > Katello > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-05 CVE-2013-0283 Cross-site Scripting vulnerability in Theforeman Katello
Katello: Username in Notification page has cross site scripting
network
low complexity
theforeman CWE-79
5.4
5.4
2019-12-03 CVE-2013-2101 Cross-site Scripting vulnerability in multiple products
Katello has multiple XSS issues in various entities
network
low complexity
theforeman redhat CWE-79
5.4
5.4
2019-01-13 CVE-2018-16887 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) flaw was found in the katello component of Satellite.
network
low complexity
redhat theforeman CWE-79
5.4
5.4
2018-12-14 CVE-2018-14623 Unspecified vulnerability in Theforeman Katello
A SQL injection flaw was found in katello's errata-related API.
network
low complexity
theforeman
4.3
4.3
2018-08-22 CVE-2017-2662 Unspecified vulnerability in Theforeman Katello 3.4.5
A flaw was found in Foreman's katello plugin version 3.4.5.
network
low complexity
theforeman
4.3
4.3
2018-07-27 CVE-2016-9595 Link Following vulnerability in multiple products
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files.
local
low complexity
theforeman redhat CWE-59
5.5
5.5