CVE-2013-4181: XSS
First published: Fri Jul 26 2013(Updated: )
A cross-site scripting (XSS) flaw was found in the RedirectServlet of the oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M). A remote attacker could provide a specially-crafted link, that when visited by an unsuspecting RHEV-M / oVirt user would lead to arbitrary script execution in the context of the RHEV-M / oVirt domain. Access to the RedirectServlet does not require authentication.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Virtualization | =3.0 | |
| Redhat Enterprise Virtualization | =3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2013-1210.html
- https://bugzilla.redhat.com/show_bug.cgi?id=988774
- http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=blob;f=backend/manager/modules/root/src/main/java/org/ovirt/engine/core/redirect/RedirectServlet.java;h=f6e79f0;hb=HEAD#l61
- https://rhn.redhat.com/errata/RHSA-2013-1210.html
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4181
- vendor/redhat
- canonical/redhat enterprise virtualization
- version/redhat enterprise virtualization/3.0
- version/redhat enterprise virtualization/3.2