XSS in Apache Cloudstack

CVE-2013-2136

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance na…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.067 (91.4th percentile) — read the EPSS interpretation.

Affected products

Apache Cloudstack — versions 2.0, 2.0.1, 2.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

apache-cloudstack-cve20132136-xss(86258) (vdb-entry, x_refsource_XF)
61638 (vdb-entry, x_refsource_BID)
96078 (x_refsource_OSVDB, vdb-entry)
20130806 [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity (mailing-list, x_refsource_BUGTRAQ)
20130807 Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity (mailing-list, x_refsource_BUGTRAQ)
96074 (x_refsource_OSVDB, vdb-entry)
96076 (x_refsource_OSVDB, vdb-entry)
secalert@redhat.com (x_refsource_CONFIRM)
96075 (x_refsource_OSVDB, vdb-entry)
96077 (x_refsource_OSVDB, vdb-entry)