PT-2013-4889 · Red Hat+1 · Red Hat Enterprise Virtualization Manager+1
Kayhan Kayihan
·
Published
2013-09-16
·
Updated
2023-02-13
·
CVE-2013-4181
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M) versions 3 and 3.2
Description
A cross-site scripting (XSS) issue exists in the addAlert function within the RedirectServlet servlet. This allows remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. The estimated number of potentially affected devices and details about real-world incidents are not specified.
Recommendations
For versions 3 and 3.2, consider disabling the addAlert function in the RedirectServlet servlet as a temporary workaround until a patch is available. Restrict access to the RedirectServlet servlet to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Enterprise Virtualization Manager
Ovirt Engine