CVE-2018-14664 MEDIUM

CVE-2018-14664

Vendor [Unknown]

Product foreman

Weakness CWE-79 · XSS

Published October 12, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side.

Key dates

02Disclosure timeline

October 12, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-14664

Related vulnerabilities

04Related CVE

CVE-2026-44568 Open WebUI: Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order CVE-2023-47786 WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Scripting (XSS) CVE-2025-47085 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-58864 WordPress 金数据 Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability CVE-2025-9080 Generic Elements <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting