Bug 2126353 (CVE-2022-3193) - CVE-2022-3193 ovirt-engine: HTML Injection/ Reflected XSS on Windows Service Accounts homepages
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-3193
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2126356
Blocks: 2126354 2126365
Reported: 2022-09-13 09:07 UTC by Avinash Hanwate
Modified: 2022-11-27 20:27 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages.
Clone Of:
Environment:
Last Closed: 2022-11-27 20:27:31 UTC
Embargoed:



Description Avinash Hanwate 2022-09-13 09:07:26 UTC
An HTML injection/reflected XSS vulnerability is found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages. Several filtering and escaping techniques can be used to mitigate these input validation vulnerabilities.

Comment 7 Product Security DevOps Team 2022-11-27 20:27:29 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3193

