Apache CloudStack 4.0.x / 4.1.0 Cross Site Scripting

2013.08.07
Credit: Apache
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2013-2136
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Product: Apache CloudStack Vendor: The Apache Software Foundation Vulnerability Type(s): Cross-site scripting (XSS) Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0 CVE References: CVE-2013-2136 Risk Level: Low CVSSv2 Base Scores: 4 (AV:N/AC:L/Au:S/C:N/I:P/A:N) Description: The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute cross-site scripting attack against other users within the system. Mitigation: Updating to Apache CloudStack versions 4.1.1 or higher will mitigate this vulnerability. Please see the 4.1.1 release notes for further information about how to upgrade: http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html References: https://issues.apache.org/jira/browse/CLOUDSTACK-2936

References:

http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html
https://issues.apache.org/jira/browse/CLOUDSTACK-2936


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top