Severity
5.4 MEDIUM
EPSS
0.2%
top 52.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Aug 11

Description

A cross-site scripting flaw was found in the Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: cloudforms 4.7 and 5
NVD: redhat/cloudforms 4.7, 5.0.0+1

🔴Vulnerability Details

1
CVEList
CVE-2020-10777: A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4 | 2020-08-11

📋Vendor Advisories

1
Red Hat
CloudForms: Cross Site Scripting in report menu title / HTML Code Injection | 2020-08-03

💬Community

1
Bugzilla
CVE-2020-10777 CloudForms: Cross Site Scripting in report menu title / HTML Code Injection | 2020-06-16