895346 – (CVE-2013-0186) CVE-2013-0186 ManageIQ EVM: Stored XSS

Bug 895346 (CVE-2013-0186) - CVE-2013-0186 ManageIQ EVM: Stored XSS

Summary: CVE-2013-0186 ManageIQ EVM: Stored XSS

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2013-0186
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	957580
Blocks:	895349 895358 1011266
TreeView+	depends on / blocked

Reported:	2013-01-15 05:20 UTC by David Jorm
Modified:	2023-05-12 12:28 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-03-18 07:37:53 UTC
Embargoed:

Attachments	(Terms of Use)

Description David Jorm 2013-01-15 05:20:18 UTC

Multiple stored cross-site scripting (XSS) flaws were found in ManageIQ EVM. A remote attacker could provide a specially-crafted URL that, when visited, would lead to arbitrary HTML or web script injection.

Comment 1 Arun Babu Neelicattu 2013-01-29 03:09:20 UTC

Acknowledgements:

This issue was discovered by David Jorm of the Red Hat Security Response Team.

Comment 12 Kurt Seifried 2014-03-18 07:26:14 UTC

This issue has been addressed in following products:

  CloudForms Management Engine 5.x

Via RHSA-2014:0215 https://rhn.redhat.com/errata/RHSA-2014-0215.html

Note You need to log in before you can comment on or make changes to this bug.