CVE-2020-10777
CloudForms: Cross Site Scripting in report menu title / HTML Code Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.
Se encontrĂ³ un fallo de tipo cross-site scripting en la funcionalidad Report Menu de Red Hat CloudForms versiones 4.7 y 5. Un atacante podrĂa usar este fallo para ejecutar un ataque de tipo XSS almacenado en un administrador de aplicaciones que usa CloudForms
A flaw was found in the Report Menu of Red Hat CloudForms where the title field was not properly sanitized for HTML and JavaScript inputs. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that Content Security Policy can prevent exploitation of this XSS however not all browsers support CSP.
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-20 CVE Reserved
- 2020-08-06 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/cve-2020-10777 | 2020-08-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1847605 | 2020-08-06 | |
https://access.redhat.com/security/cve/CVE-2020-10777 | 2020-08-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | 4.7 Search vendor "Redhat" for product "Cloudforms" and version "4.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | 5.0.0 Search vendor "Redhat" for product "Cloudforms" and version "5.0.0" | - |
Affected
|