4.3

CVE-2013-2136

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCloudstack Version <= 4.1.0
ApacheCloudstack Version2.0 Update- Editioncommunity
ApacheCloudstack Version2.0.1
ApacheCloudstack Version2.1.0
ApacheCloudstack Version2.1.1
ApacheCloudstack Version2.1.2
ApacheCloudstack Version2.1.3
ApacheCloudstack Version2.1.4
ApacheCloudstack Version2.1.5
ApacheCloudstack Version2.1.6
ApacheCloudstack Version2.1.7
ApacheCloudstack Version2.1.8
ApacheCloudstack Version2.1.9
ApacheCloudstack Version2.1.10
ApacheCloudstack Version2.2.0
ApacheCloudstack Version2.2.1
ApacheCloudstack Version2.2.2
ApacheCloudstack Version2.2.3
ApacheCloudstack Version2.2.5
ApacheCloudstack Version2.2.6
ApacheCloudstack Version2.2.7
ApacheCloudstack Version2.2.8
ApacheCloudstack Version2.2.9
ApacheCloudstack Version2.2.11
ApacheCloudstack Version2.2.12
ApacheCloudstack Version2.2.13
ApacheCloudstack Version2.2.14
ApacheCloudstack Version3.0.0
ApacheCloudstack Version3.0.1
ApacheCloudstack Version3.0.2
ApacheCloudstack Version4.0.0 Updateincubating
ApacheCloudstack Version4.0.1
ApacheCloudstack Version4.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.05% 0.893
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html
http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html
http://osvdb.org/96074
http://osvdb.org/96075
http://osvdb.org/96076
http://osvdb.org/96077
http://osvdb.org/96078
http://secunia.com/advisories/54399
Vendor Advisory
http://www.securityfocus.com/bid/61638
https://exchange.xforce.ibmcloud.com/vulnerabilities/86258
https://issues.apache.org/jira/browse/CLOUDSTACK-2936