CVE-2023-0119

medium

Description

A stored cross-site scripting (XSS) vulnerability was found in Foreman. The Comment section in the Hosts tab does not correctly filter user input. As a result, an attacker with an existing account on the system can steal another user's session, make requests on behalf of that user, and obtain user credentials.

References

https://projects.theforeman.org/issues/35977

https://bugzilla.redhat.com/show_bug.cgi?id=2159104

https://access.redhat.com/security/cve/CVE-2023-0119

https://access.redhat.com/errata/RHSA-2023:6818

https://access.redhat.com/errata/RHSA-2023:3387

Details

Source: Mitre, NVD

Published: 2023-09-12

Updated: 2024-05-03

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium