CVE-2013-1070

Ubuntu MaaS 1.2-1.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.

References (3)

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2105-1

[Exploit] http://www.securityfocus.com/bid/65575

[Vendor Advisory] https://bugs.launchpad.net/maas/%2Bbug/1251336

Scores

EPSS 0.0034

EPSS Percentile 56.2%

Details

CWE

CWE-79

Status published

Products (3)

ubuntu/metal_as_a_service

n/a/n/a

Published Feb 17, 2014

Tracked Since Feb 18, 2026