CVE-2013-0186

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 39.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageiq EVM Manageiq EVM RED HAT RED HAT Cloudforms 3.0 Redhat Cloudforms

Timeline

PublishedNov 1

Latest updateMay 5

Description

Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5manageiq_evm/manageiq_evmn/a

▶NVDredhat/cloudforms3.0

▶CVEListV5red_hat/red_hat_cloudforms_3.0Red Hat CloudForms 3.0 Management Engine 5.2

🔴Vulnerability Details

GHSA

GHSA-p5jr-6623-mc6j: Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vec↗2022-05-05

▶

CVEList

CVE-2013-0186: Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vec↗2019-11-01

▶

📋Vendor Advisories

Red Hat

EVM: Stored XSS↗2014-03-11

▶

💬Community

Bugzilla

CVE-2013-0186 ManageIQ EVM: Stored XSS↗2013-01-15

▶