Published: 13/03/2018 Updated: 06/11/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.

Vendor Advisories

A stored XSS vulnerability was discovered in ovirt-engine 4.2. Sanitation of HTML elements was not applied correctly to all fields, shows in the management console. An attacker with VM Admin permissions could use this vulnerability to launch XSS attacks against other VM or Cluster administrators ...