CVE-2016-6319

6.1 MEDIUM

Published: August 19, 2016 Modified: May 06, 2026

Description

Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://projects.theforeman.org/issues/16019

Source: secalert@redhat.com

Vendor Advisory

http://projects.theforeman.org/issues/16024

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/92429

Source: secalert@redhat.com

Third Party Advisory VDB Entry

https://access.redhat.com/errata/RHSA-2018:0336

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1365815

Source: secalert@redhat.com

Issue Tracking Third Party Advisory VDB Entry

https://github.com/theforeman/foreman/commit/0f35fe14acf0d0d3b55e9337bc5e2b9640ff2372

Source: secalert@redhat.com

Patch

https://theforeman.org/security.html#2016-6319

Source: secalert@redhat.com

Vendor Advisory

http://projects.theforeman.org/issues/16019