First published: Fri Jul 26 2013(Updated: )
A cross-site scripting (XSS) flaw was found in the RedirectServlet of the oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M). A remote attacker could provide a specially-crafted link, that when visited by an unsuspecting RHEV-M / oVirt user would lead to arbitrary script execution in the context of the RHEV-M / oVirt domain. Access to the RedirectServlet does not require authentication.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Enterprise Virtualization | =3.0 | |
Redhat Enterprise Virtualization | =3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.