A cross-site script vulnerability was found in CloudForms 5.9.0.10 self-service UI snapshot feature.
Acknowledgments: Name: Yadnyawalk Tale (Red Hat)
Workaround: The CloudForms CSP (Content Security Policy) will prevent exploitation of this, newer versions of the Firefox and Chrome web browsers support CSP and as such users of them are not affected by this XSS.
This issue has been addressed in the following products: CloudForms Management Engine 5.9 Via RHSA-2018:0380 https://access.redhat.com/errata/RHSA-2018:0380
Statement: This issue affects the versions of cfme as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.