Cross-Site Scripting Vulnerability in Ubuntu Metal as a Service
CVE-2013-1070

Currently unrated

Key Information:

Vendor: Ubuntu
Status: Metal As A Service
Vendor: CVE Published:; 17 February 2014

What is CVE-2013-1070?

The Ubuntu Metal as a Service (MaaS) product is susceptible to a cross-site scripting (XSS) vulnerability. This flaw occurs in the API interaction where an attacker can exploit the 'op' parameter to inject malicious web scripts or HTML content. This allows for the potential hijacking of user sessions and manipulation of web pages viewed by users, creating significant security concerns for applications relying on this service.

References

http://www.securityfocus.com/bid/65575

vdb-entryx_refsource_BID

http://www.ubuntu.com/usn/USN-2105-1

vendor-advisoryx_refsource_UBUNTU

https://bugs.launchpad.net/maas/%2Bbug/1251336

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2014
Vulnerability Reserved
Jan 11, 2013