{"id":"UBUNTU-CVE-2014-7850","details":"Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.","modified":"2025-07-16T07:48:08.220987Z","published":"2014-11-28T15:59:00Z","withdrawn":"2025-07-18T16:43:05Z","upstream":["CVE-2014-7850"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-7850"},{"type":"REPORT","url":"https://fedorahosted.org/freeipa/ticket/4742"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-7850"}],"affected":[{"package":{"name":"freeipa","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/freeipa@4.1.4-1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.4-1"}]}],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"4.1.4-1","binary_name":"freeipa-admintools"},{"binary_version":"4.1.4-1","binary_name":"freeipa-client"},{"binary_version":"4.1.4-1","binary_name":"freeipa-client-dbgsym"},{"binary_version":"4.1.4-1","binary_name":"freeipa-server"},{"binary_version":"4.1.4-1","binary_name":"freeipa-server-dbgsym"},{"binary_version":"4.1.4-1","binary_name":"freeipa-server-trust-ad"},{"binary_version":"4.1.4-1","binary_name":"freeipa-server-trust-ad-dbgsym"},{"binary_version":"4.1.4-1","binary_name":"freeipa-tests"},{"binary_version":"4.1.4-1","binary_name":"python-freeipa"},{"binary_version":"4.1.4-1","binary_name":"python-freeipa-dbgsym"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-7850.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}