REDHAT-BUG-2126353: XSS
First published: Tue Sep 13 2022(Updated: )
An HTML injection/reflected XSS vulnerability is found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry allowing the vulnerability to trigger on the Windows Service Accounts home pages. Several filtering and escaping techniques can be used to mitigate these input validation vulnerabilities.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| oVirt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2126353?
The severity of REDHAT-BUG-2126353 is classified as high due to the potential for unauthorized access through XSS attacks.
How do I fix REDHAT-BUG-2126353?
To fix REDHAT-BUG-2126353, ensure that all user inputs for the 'error_description' parameter are properly sanitized and validated.
Who is affected by REDHAT-BUG-2126353?
Users of the Red Hat oVirt Engine are affected by the vulnerability described in REDHAT-BUG-2126353.
What type of vulnerability is REDHAT-BUG-2126353?
REDHAT-BUG-2126353 is an HTML injection/reflected XSS vulnerability.
What are the potential impacts of REDHAT-BUG-2126353?
The potential impacts of REDHAT-BUG-2126353 include unauthorized data exposure and risks associated with cross-site scripting attacks.
- agent/references
- agent/weakness
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-3193
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/ovirt