PT-2019-11607 · Red Hat · Cloudforms
Published
2019-06-27
·
Updated
2020-09-30
·
CVE-2019-10177
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions:
CloudForms versions 5.9 through 5.10
Description:
A stored cross-site scripting (XSS) issue was discovered in the PDF export component due to improper sanitization of user input. This allows an attacker with minimal privileges to execute a XSS attack against other users, potentially leading to malicious code execution and the extraction of anti-CSRF tokens from higher-privileged users.
Recommendations:
For CloudForms versions 5.9 and 5.10, update to a version that properly sanitizes user input in the PDF export component to prevent XSS attacks.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloudforms