cloudstack-marketing mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chip Childers <>
Subject [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity
Date Tue, 06 Aug 2013 12:58:18 GMT
Product: Apache CloudStack
Vendor: The Apache Software Foundation
Vulnerability Type(s): Cross-site scripting (XSS)
Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating,
                       4.0.1-incubating, 4.0.2 and 4.1.0
CVE References: CVE-2013-2136
Risk Level: Low
CVSSv2 Base Scores: 4 (AV:N/AC:L/Au:S/C:N/I:P/A:N)

The Apache CloudStack Security Team was notified of an issue found in 
the Apache CloudStack user interface that allows an authenticated user 
to execute cross-site scripting attack against other users within the 

Updating to Apache CloudStack versions 4.1.1 or higher will mitigate
this vulnerability.

Please see the 4.1.1 release notes for further information about how to 


View raw message