CVE-2018-14664

Source
https://cve.org/CVERecord?id=CVE-2018-14664
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14664.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-14664
Published
2018-10-12T22:15:07.080Z
Modified
2026-04-02T00:40:27.876905Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A flaw was found in Foreman from version 1.18. A stored cross-site scripting vulnerability exists due to improperly escaped HTML code in the breadcrumbs bar. This allows a user with permission to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.

Affected packages

Git / github.com/theforeman/smart-proxy

Affected ranges

Type
GIT
Repo
https://github.com/theforeman/smart-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.18.0"
        }
    ]
}

Affected versions

0.*
0.1
0.2
0.2rc2
0.3
0.3.1
1.*
1.0
1.0RC1
1.0RC2
1.1
1.10.0
1.10.0-RC1
1.10.0-RC2
1.10.0-RC3
1.10.1
1.10.2
1.10.3
1.10.4
1.11.0
1.11.0-RC1
1.11.0-RC2
1.11.0-RC3
1.11.1
1.11.2
1.11.3
1.11.4
1.12.0
1.12.0-RC1
1.12.0-RC2
1.12.0-RC3
1.12.1
1.12.2
1.12.3
1.12.4
1.13.0
1.13.0-RC1
1.13.0-RC2
1.13.1
1.13.2
1.13.3
1.13.4
1.14.0
1.14.0-RC1
1.14.0-RC2
1.14.0-RC3
1.14.1
1.14.2
1.14.3
1.15.0
1.15.0-RC1
1.15.0-RC2
1.15.1
1.15.2
1.15.3
1.15.4
1.15.5
1.15.6
1.15.7
1.16.0
1.16.0-RC1
1.16.0-RC2
1.16.1
1.16.2
1.17.0
1.17.0-RC1
1.17.0-RC2
1.17.1
1.17.2
1.17.3
1.17.4
1.18.0
1.18.0-RC1
1.18.0-RC2
1.18.0-RC3
1.19.0
1.19.0-RC1
1.19.0-RC2
1.19.0-RC3
1.19.1
1.1RC1
1.1RC2
1.1RC3
1.2.0
1.2.0-RC1
1.2.0-RC2
1.2.0-RC3
1.2.1
1.20.0
1.20.0-RC1
1.20.0-RC2
1.20.1
1.20.2
1.20.3
1.21.0
1.21.0-RC1
1.21.0-RC2
1.21.0-RC3
1.21.0-RC4
1.21.0-RC5
1.21.1
1.21.2
1.21.3
1.21.4
1.22.0
1.22.0-RC1
1.22.0-RC2
1.22.1
1.22.2
1.23.0
1.23.0-RC1
1.23.0-RC2
1.23.1
1.23.2
1.24.0
1.24.0-RC1
1.24.0-RC2
1.24.0-RC3
1.24.1
1.24.2
1.24.3
1.3.0
1.3.0-RC1
1.3.0-RC2
1.3.0-RC3
1.3.0-RC4
1.4.0
1.4.0-RC1
1.4.0-RC2
1.4.1
1.4.2
1.4.4
1.4.5
1.5.0
1.5.0-RC1
1.5.0-RC2
1.5.1
1.5.2
1.5.4
1.6.0
1.6.0-RC1
1.6.0-RC2
1.6.1
1.6.2
1.6.3
1.7.0
1.7.0-RC1
1.7.0-RC2
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.8.0
1.8.0-RC1
1.8.0-RC2
1.8.0-RC3
1.8.1
1.8.2
1.8.3
1.8.4
1.9.0
1.9.0-RC1
1.9.0-RC2
1.9.0-RC3
1.9.1
1.9.2
1.9.3
2.*
2.0.0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.1
2.0.2
2.0.3
2.1.0
2.1.0-rc1
2.1.0-rc2
2.1.0-rc3
2.1.1
2.1.2
2.1.3
2.1.4
2.2.0
2.2.0-rc1
2.2.0-rc2
2.2.0-rc3
2.2.0-rc4
2.2.1
2.2.2
2.2.3
2.3.0
2.3.0-rc1
2.3.0-rc2
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.4.0
2.4.0-rc1
2.4.0-rc2
2.4.0-rc3
2.4.1
2.5.0
2.5.0-rc1
2.5.0-rc2
2.5.0-rc3
2.5.1
2.5.2
2.5.3
2.5.4
3.*
3.0.0
3.0.0-rc1
3.0.0-rc2
3.0.1
3.0.2
3.1.0
3.1.0-rc1
3.1.0-rc2
3.1.1
3.1.2
3.1.3
3.10.0
3.10.0-rc1
3.10.0-rc2
3.10.1
3.11.0
3.11.0-rc1
3.11.0-rc2
3.11.1
3.11.2
3.11.3
3.11.4
3.11.5
3.12.0
3.12.0-rc1
3.12.0-rc2
3.12.1
3.13.0
3.13.0-rc1
3.13.0-rc2
3.13.1
3.14.0
3.14.0-rc1
3.14.0-rc2
3.15.0
3.15.0-rc1
3.15.1
3.16.0
3.16.0-rc1
3.16.0-rc2
3.16.1
3.16.2
3.16.3
3.17.0
3.17.0-rc1
3.17.0-rc2
3.17.1
3.17.2
3.18.0
3.18.0-rc1
3.18.0-rc2
3.18.1
3.2.0
3.2.0-rc1
3.2.0-rc2
3.2.1
3.3.0
3.3.0-rc1
3.3.0-rc2
3.3.1
3.4.0
3.4.0-rc1
3.4.0-rc2
3.4.1
3.5.0
3.5.0-rc1
3.5.0-rc2
3.5.1
3.5.2
3.5.3
3.6.0
3.6.0-rc1
3.6.0-rc2
3.6.1
3.6.2
3.7.0
3.7.0-rc1
3.7.0-rc2
3.7.0-rc3
3.7.1
3.8.0
3.8.0-rc1
3.8.0-rc2
3.9.0
3.9.0-rc1
3.9.0-rc2
3.9.0-rc3
3.9.1
3.9.2
3.9.3
foreman-proxy-0.*
foreman-proxy-0.1.0-1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14664.json"