Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Satellite_capsule
(Redhat)Repositories | https://github.com/dom4j/dom4j |
#Vulnerabilities | 12 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-11-27 | CVE-2017-15100 | An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page. | Satellite, Satellite_capsule, Foreman | 6.1 | ||
2018-03-12 | CVE-2017-2667 | Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks. | Satellite, Satellite_capsule, Hammer_cli | 8.1 |