Cross-Site Scripting Vulnerability in CloudForms by Red Hat
CVE-2018-10854

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Cloudforms
Vendor: CVE Published:; 22 November 2019

Summary

A vulnerability has been identified in CloudForms, affecting versions 5.8 and 5.9. This flaw is linked to the v2v infrastructure mapping delete feature, where improper sanitization of user input in the Name field allows for stored cross-site scripting attacks. An attacker could exploit this vulnerability to execute arbitrary scripts in the context of a user's session, potentially compromising their data and actions.

Affected Version(s)

cloudforms cloudforms 5.8 and cloudforms 5.9

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10854

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 22, 2019
Vulnerability Reserved
May 9, 2018