CVSS 3 Base Score: Posted On: March 14, 2014Assessed Risk Level: None A bug in Puppet Dashboard versions 1.0 - 1.2.4 allows for Cross Site Scripting (XSS) attacks on certain input fields. This could potentially allow a malicious user to share Puppet Dashboard data with other websites, or manipulate fields in the Dashboard database. Status:Affected software versions:Resolved in:Resolved in Puppet Dashboard 1.2.5. source, rpm, debResolved in Puppet Enterprise 1.2.5 and 2.0.1Hotfixes available for Puppet Enterprise 1.0, 1.1, and 1.2.xHotfixeshttp://puppetlabs.com/security/cve/cve-2012-0891/hotfixes/← Back to CVE Listings