Kayhan Kayihan

**Name of the Vulnerable Software and Affected Versions** oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M) versions 3 and 3.2 **Description** A cross-site scripting (XSS) issue exists in the addAlert function within the RedirectServlet servlet. This allows remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. The estimated number of potentially affected devices and details about real-world incidents are not specified. **Recommendations** For versions 3 and 3.2, consider disabling the addAlert function in the RedirectServlet servlet as a temporary workaround until a patch is available. Restrict access to the RedirectServlet servlet to minimize the risk of exploitation.