CVE-2018-1000095Cross-site Scripting in Redhat Ovirt-engine

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
0.2%
top 55.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Ovirt-engine
Timeline
PublishedMar 13
Latest updateMay 13

Description

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

NVDredhat/ovirt-engine4.2.04.2.2

Patches

Patch: gerrit.ovirt.orgPatch: gerrit.ovirt.org

🔴Vulnerability Details

2
GHSA
GHSA-xqr4-7mxg-hjgj: oVirt version 42022-05-13
CVEList
CVE-2018-1000095: oVirt version 42018-03-13

📋Vendor Advisories

1
Red Hat
ovirt-engine: stored XSS in snapshot description and comment2018-03-12

💬Community

1
Bugzilla
CVE-2018-1000095 ovirt-engine: stored XSS in snapshot description and comment2018-02-05
CVE-2018-1000095 — Cross-site Scripting in Redhat | cvebase