[CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerability
Posted on Wednesday August 07, 2013 at 01:08PM in Announcements
Product: Apache CloudStack
Vendor: The Apache Software Foundation
Vulnerability Type(s): Cross-site scripting (XSS)
Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0
CVE References: CVE-2013-2136
Risk Level: Low
CVSSv2 Base Scores: 4 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute a cross-site scripting attack against other users within the system.
Updating to Apache CloudStack versions 4.1.1 or higher will mitigate this vulnerability.
Please see the 4.1.1 release notes for further information about how to upgrade:
This issue was identified by Oleg Boytsev from strongserver.org.