CVE-2017-15125

Name of the Vulnerable Software and Affected Versions: CloudForms versions prior to 5.9.0.22

Description: A flaw in the self-service UI snapshot feature allows for stored XSS attacks due to improper sanitization of the name field for HTML and JavaScript input. This could enable an attacker to execute such an attack on an application administrator using CloudForms. However, Content Security Policy (CSP) prevents exploitation of this XSS, although not all browsers support CSP.

Recommendations: For versions prior to 5.9.0.22, update to version 5.9.0.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the self-service UI snapshot feature to minimize the risk of exploitation.