CVE-2018-10854

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 49.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Cloudforms Redhat Cloudforms Management Engine

Timeline

PublishedNov 22

Latest updateMay 24

Description

cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5red_hat/cloudformscloudforms 5.8 and cloudforms 5.9

▶NVDredhat/cloudforms_management_engine4.7, 5.8, 5.9+2

🔴Vulnerability Details

GHSA

GHSA-wqjf-hq52-vg86: cloudforms version, cloudforms 5↗2022-05-24

▶

CVEList

CVE-2018-10854: cloudforms version, cloudforms 5↗2019-11-22

▶

📋Vendor Advisories

Red Hat

cloudforms: stored cross-site scripting in Name field↗2019-03-07

▶

💬Community

Bugzilla

CVE-2018-10854 cloudforms: stored cross-site scripting in Name field↗2018-06-12

▶