CVE-2024-4812 Information

Description

A flaw was found in the Katello plugin for Foreman where it is possible to store malicious JavaScript code in the \Description\ field of a user. This code can be executed when opening certain pages for example Host Collections.

Reference

https://access.redhat.com/security/cve/CVE-2024-4812 https://bugzilla.redhat.com/show_bug.cgi?id=2280187