Security Advisory

CVE-2024-4812

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-06-05 15:06:13

Last updated 2025-11-20 19:15:48

Assigner redhat

State PUBLISHED

Description

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.

← Browse all CVEs View on cve.org ↗