CVE-2019-10177
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to malicious code execution and extraction of the anti-CSRF token of higher-privileged users.
Timeline
- 2019-03-27 CVE Reserved
- 2019-06-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/109065 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10177 | 2020-09-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Cloudforms Management Engine | 5.9 | - | Affected |
Redhat | Cloudforms Management Engine | 5.10 | - | Affected |