Ovirt Engine's web interface in ovirt 4.4.2 and earlier does not filter user controllable parameters completely, which may result in a reflected cross site scripting attack.
Acknowledgments: Name: Chen RuiQi (Qianxin CodeSafe Team), Chen Huiliang (Qianxin CodeSafe Team)
Upstream fix: https://gerrit.ovirt.org/#/c/111277/
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.4 Via RHSA-2020:3807 https://access.redhat.com/errata/RHSA-2020:3807
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14333