Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | CloudStack | <= 4.1.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html
- http://osvdb.org/96074
- http://osvdb.org/96075
- http://osvdb.org/96076
- http://osvdb.org/96077
- http://osvdb.org/96078
- http://secunia.com/advisories/54399 (Vendor Advisory)
- http://www.securityfocus.com/bid/61638
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86258
- https://issues.apache.org/jira/browse/CLOUDSTACK-2936
FAQ
What is CVE-2013-2136?
CVE-2013-2136 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard...
How severe is CVE-2013-2136?
CVE-2013-2136 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-2136?
Check the references section above for vendor advisories and patch information. Affected products include: Apache CloudStack.