It was found that cumin did not properly escape input from the "Max allowance" field in the "Set limit" form of the cumin web interface. A remote attacker could use this flaw to perform cross-site scripting (XSS) attacks against victims by tricking them into visiting a specially crafted URL.
Acknowledgements: This issue was discovered by Tomáš Nováčik of the Red Hat MRG Quality Engineering team.
This issue has been addressed in the following products: MRG for RHEL-6 v.2 via RHSA-2013:1852 https://rhn.redhat.com/errata/RHSA-2013-1852.html
This issue has been addressed in the following products: MRG for RHEL-5 v.2 via RHSA-2013:1851 https://rhn.redhat.com/errata/RHSA-2013-1851.html
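The defect class described above (a form field value reflected into HTML without escaping) is illustrated by the following added example. It is not cumin's code and does not reproduce cumin's form handling; the function names, the markup and the sample value are constructed for this page. It shows the unescaped pattern next to the hardened form, and adds the input validation a numeric field such as "Max allowance" allows as a second layer.

```python
import html
import re

# Constructed sample value for the "Max allowance" field: a number followed by
# characters that are significant in an HTML attribute context.  It is test
# data for this example, not a payload taken from the advisory.
SAMPLE_VALUE = '10"<>&'


def render_limit_form_unescaped(max_allowance: str) -> str:
    """Illustrative vulnerable pattern (hypothetical, not cumin's code).

    The request parameter is interpolated straight into an attribute value,
    so a quote in the input terminates the attribute and any following text
    becomes markup.  This is the class of defect the advisory describes.
    """
    return '<input name="max_allowance" value="%s">' % max_allowance


def render_limit_form_escaped(max_allowance: str) -> str:
    """Hardened form: escape for the HTML attribute context at output time.

    html.escape(quote=True) rewrites & < > " and ' as entities, so the value
    can no longer close the attribute or introduce a tag, whatever the URL
    that carried it looked like.
    """
    return '<input name="max_allowance" value="%s">' % html.escape(
        max_allowance, quote=True
    )


def validate_max_allowance(raw: str):
    """Defence in depth for a numeric field: accept only a non-negative
    integer of reasonable length, otherwise return None so the caller can
    reject the request before the value reaches any template."""
    if not re.fullmatch(r"\d{1,12}", raw):
        return None
    return int(raw)


def attribute_intact(rendered: str) -> bool:
    """Cheap structural check used by the example: the template has exactly
    two attributes, so a correctly escaped rendering contains exactly four
    double quotes.  Any extra quote means the input broke out of value="". """
    return rendered.count('"') == 4


if __name__ == "__main__":
    print("unescaped:", render_limit_form_unescaped(SAMPLE_VALUE))
    print("escaped:  ", render_limit_form_escaped(SAMPLE_VALUE))
    print("validated:", validate_max_allowance(SAMPLE_VALUE))
```

Escaping belongs at the point where the value is written into HTML, not where it is read from the request, because the same value may later be rendered in a different context (attribute, element body, JavaScript string) that needs a different encoding. The numeric validation is worth keeping even with correct escaping: it rejects the bad input outright, which is cheaper to reason about and easier to log as an anomaly.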