The Apache CloudStack Blog Open Source Cloud Computing

[CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity

by chipchilders

Posted on Wednesday August 07, 2013 at 01:08PM in Announcements

Product: Apache CloudStack
Vendor: The Apache Software Foundation
Vulnerability Type(s): Cross-site scripting (XSS)
Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0
CVE References: CVE-2013-2136
Risk Level: Low
CVSSv2 Base Scores: 4 (AV:N/AC:L/Au:S/C:N/I:P/A:N)


The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute cross-site scripting attack against other users within the system.


Updating to Apache CloudStack versions 4.1.1 or higher will mitigate this vulnerability.

Please see the 4.1.1 release notes for further information about how to upgrade:



This issue was identified by Oleg Boytsev from


I would like to say that this blog really convinced me to do it ! Thanks, very good. We are really happy just for this post in this website.

Posted by acompanhantes sao paulo on August 13, 2013 at 11:04 PM UTC #

Thanks for this post,it is a rain drop post…i like it.

Posted by hotels in the bahamas on September 01, 2013 at 07:43 AM UTC #

Thanks, mady my day altoug the post is a bit old. But thanks anyway. You should drop by our site as well. Mike

Posted by Mike Larsson on May 27, 2014 at 08:35 AM UTC #

That was a great work you done, I truely read the whole article. Thanks for sharing it with us.

Posted by generationNET Web development Leicester on May 22, 2015 at 06:06 AM UTC #

I can tell you that we can easily change window 10 font and resize it.

Posted by change window 10 font on December 06, 2017 at 10:20 AM UTC #

Comments are closed for this entry.