A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.
Upstream patch: https://github.com/ManageIQ/manageiq-ui-classic/pull/3900
Name: Purnachand Pulahari (IBM), Ranjit Kumar Singh (IBM)
This issue has been addressed in the following products:
CloudForms Management Engine 5.11
Via RHSA-2020:3358 https://access.redhat.com/errata/RHSA-2020:3358
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):