Apache CloudStack suffers from a cross site scripting vulnerability. Versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2, and 4.1.0 are affected.
cede899e8d6411ed24f0609ba390790970bac3c8867fe2ee368805e332e88d9bProduct: Apache CloudStack
Vendor: The Apache Software Foundation
Vulnerability Type(s): Cross-site scripting (XSS)
Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating,
4.0.1-incubating, 4.0.2 and 4.1.0
CVE References: CVE-2013-2136
Risk Level: Low
CVSSv2 Base Scores: 4 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
Description:
The Apache CloudStack Security Team was notified of an issue found in
the Apache CloudStack user interface that allows an authenticated user
to execute cross-site scripting attack against other users within the
system.
Mitigation:
Updating to Apache CloudStack versions 4.1.1 or higher will mitigate
this vulnerability.
Please see the 4.1.1 release notes for further information about how to
upgrade:
https://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html
References:
https://issues.apache.org/jira/browse/CLOUDSTACK-2936
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed