Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2018-14664

A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.

Published: Oct 12, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-14664
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
theforeman / foreman	1.18.0	1.18.0.x

http://www.securityfocus.com/bid/106553
https://access.redhat.com/errata/RHSA-2019:1222
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14664
https://projects.theforeman.org/issues/25169

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo