Full Disclosure mailing list archives
[CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity
From: Chip Childers <chipchilders () apache org>
Date: Tue, 6 Aug 2013 11:43:22 -0400
Product: Apache CloudStack Vendor: The Apache Software Foundation Vulnerability Type(s): Cross-site scripting (XSS) Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0 CVE References: CVE-2013-2136 Risk Level: Low CVSSv2 Base Scores: 4 (AV:N/AC:L/Au:S/C:N/I:P/A:N) Description: The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute cross-site scripting attack against other users within the system. Mitigation: Updating to Apache CloudStack versions 4.1.1 or higher will mitigate this vulnerability. Please see the 4.1.1 release notes for further information about how to upgrade: http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html References: https://issues.apache.org/jira/browse/CLOUDSTACK-2936
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity Chip Childers (Aug 06)