CVE-2015-7518: Foreman stored XSS in parameter information popup

[Dominic Cleal <dominic () cleal org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2015-7518: Foreman is affected by a stored XSS vulnerability in
parameter information popups in the web UI.

Extra information stored on parameters inherited by hosts in Foreman
is shown in the web UI, in a popup for users.  The user-editable parts
of this information, such as a description, matcher and source name
can allow stored HTML/JS to be evaluated when a user opens the
information popup for a parameter.

Thanks to Tomer Brisker for reporting it to the foreman-security team,
and for fixing the issue.

Affects: at least Foreman 1.2.0 and higher (all modern versions)
Fix to be released in Foreman 1.10.0

Patch:
https://github.com/theforeman/foreman/commit/32468bce938067b1bbde1c20257
71b5b83ce88ec

More information:
http://theforeman.org/security.html#2015-7518
http://projects.theforeman.org/issues/12611
http://theforeman.org/

- -- 
Dominic Cleal
dominic () cleal org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlZoUsoACgkQfH0ybywrcszGbACgxVFqMU6/fevuwG8zmxLAHGbU
HzEAn1Rkf4J0rt/GuBGCHC61HX9R+auy
=SfOR
-----END PGP SIGNATURE-----