The Apache CloudStack Blog

Wednesday Aug 07, 2013

[CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerability

Product: Apache CloudStack
Vendor: The Apache Software Foundation
Vulnerability Type(s): Cross-site scripting (XSS)
Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0
CVE References: CVE-2013-2136
Risk Level: Low
CVSSv2 Base Scores: 4 (AV:N/AC:L/Au:S/C:N/I:P/A:N)


The Apache CloudStack Security Team was notified of an issue in the Apache CloudStack user interface that allows an authenticated user to execute a cross-site scripting attack against other users within the system.


Updating to Apache CloudStack versions 4.1.1 or higher will mitigate this vulnerability.

Please see the 4.1.1 release notes for further information about how to upgrade:



This issue was identified by Oleg Boytsev from


I would like to say that this blog really convinced me to do it! Thanks, very good. We are really happy just for this post in this website.

Posted by acompanhantes sao paulo on August 13, 2013 at 11:04 PM UTC #

Thanks for this post, it is a rain drop post… I like it.

Posted by hotels in the bahamas on September 01, 2013 at 07:43 AM UTC #

Thanks, made my day although the post is a bit old. But thanks anyway. You should drop by our site as well. Mike

Posted by Mike Larsson on May 27, 2014 at 08:35 AM UTC #

That was great work you have done, I truly read the whole article. Thanks for sharing it with us.

Posted by generationNET Web development Leicester on May 22, 2015 at 06:06 AM UTC #
