Multiple stored cross-site scripting (XSS) flaws were found in ManageIQ EVM. A remote attacker could provide a specially-crafted URL that, when visited, would lead to arbitrary HTML or web script injection.
This issue was discovered by David Jorm of the Red Hat Security Response Team.
This issue has been addressed in following products:
CloudForms Management Engine 5.x
Via RHSA-2014:0215 https://rhn.redhat.com/errata/RHSA-2014-0215.html