CVE-2019-10177

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute a XSS attack against other users, which could lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10177 Issue Tracking Vendor Advisory
http://www.securityfocus.com/bid/109065 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:cloudforms_management_engine:5.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:cloudforms_management_engine:5.9:*:*:*:*:*:*:*

Information

Published : 2019-06-27 14:15

Updated : 2020-09-30 12:51


NVD link : CVE-2019-10177

Mitre link : CVE-2019-10177


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

redhat

  • cloudforms_management_engine