CVE-2019-10177

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Cloudforms
Vendor: CVE Published:; 27 June 2019

Summary

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute a XSS attack against other users, which could lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users.

Affected Version(s)

CloudForms 5.9, 5.10

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10177

x_refsource_CONFIRM

http://www.securityfocus.com/bid/109065

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 27, 2019
Vulnerability Reserved
Mar 27, 2019