Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU