Описание
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.
A stored XSS vulnerability was discovered in ovirt-engine 4.2. Sanitation of HTML elements was not applied correctly to all fields, shows in the management console. An attacker with VM Admin permissions could use this vulnerability to launch XSS attacks against other VM or Cluster administrators.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Virtualization 4 | ovirt-engine | Not affected |
Показывать по
Дополнительная информация
Статус:
7.2 High
CVSS3
Связанные уязвимости
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.
7.2 High
CVSS3