The Apache CloudStack Blog

Wednesday Aug 07, 2013

[CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity

Product: Apache CloudStack
Vendor: The Apache Software Foundation
Vulnerability Type(s): Cross-site scripting (XSS)
Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0
CVE References: CVE-2013-2136
Risk Level: Low
CVSSv2 Base Scores: 4 (AV:N/AC:L/Au:S/C:N/I:P/A:N)

Description:

The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute cross-site scripting attack against other users within the system.

Mitigation:

Updating to Apache CloudStack versions 4.1.1 or higher will mitigate this vulnerability.

Please see the 4.1.1 release notes for further information about how to upgrade:

http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html

References:

https://issues.apache.org/jira/browse/CLOUDSTACK-2936

Credit:

This issue was identified by Oleg Boytsev from strongserver.org.

Comments:

I would like to say that this blog really convinced me to do it ! Thanks, very good. We are really happy just for this post in this website.

Posted by acompanhantes sao paulo on August 13, 2013 at 11:04 PM UTC #

Thanks for this post,it is a rain drop post…i like it.

Posted by hotels in the bahamas on September 01, 2013 at 07:43 AM UTC #

Post a Comment:
  • HTML Syntax: NOT allowed

Calendar

Search

Hot Blogs (today's hits)

Tag Cloud

Categories

Feeds

Links

Navigation