During the test we found that there is no input validation for user input, and it is possible to inject scripts into the text box at the following links: https://3scale-admin.apps.rhoam-pentest.ofop.p1.openshiftapps.com/site/emails/edit and https://3scale-admin.apps.rhoam-pentest.ofop.p1.openshiftapps.com/p/admin/backend_apis/2 The XSS attack is possible only by an authenticated user, so the severity is low.
Acknowledgments: Name: Siddharth Sharma (Red Hat Product Security), Or Asaf (Red Hat Product Security)
Affected version: 2.9.1 GA
*** Bug 1850967 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: 3scale API Management Via RHSA-2021:3851 https://access.redhat.com/errata/RHSA-2021:3851
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3442