Cross-Site Scripting Vulnerability in CloudForms by Red Hat
CVE-2018-10854

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Cloudforms
Vendor: CVE Published:; 22 November 2019

What is CVE-2018-10854?

A vulnerability has been identified in CloudForms, affecting versions 5.8 and 5.9. This flaw is linked to the v2v infrastructure mapping delete feature, where improper sanitization of user input in the Name field allows for stored cross-site scripting attacks. An attacker could exploit this vulnerability to execute arbitrary scripts in the context of a user's session, potentially compromising their data and actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

cloudforms cloudforms 5.8 and cloudforms 5.9

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10854

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 22, 2019
Vulnerability Reserved
May 9, 2018

JSON

Red Hat