CVE-2013-2136
Apache CloudStack < 4.1.1 - Cross-Site Scripting via Multiple Input Fields
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.
References (11)
Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86258
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61638
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/96078
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/96074
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/96076
Various Sources x_refsource_confirm
https://issues.apache.org/jira/browse/CLOUDSTACK-2936
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/96075
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/96077
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54399
Scores
EPSS
0.0405
EPSS Percentile
89.5%
Details
CWE
CWE-79
Status
published
Products (33)
apache/cloudstack
2.0
apache/cloudstack
2.0.1
apache/cloudstack
2.1.0
apache/cloudstack
2.1.1
apache/cloudstack
2.1.2
apache/cloudstack
2.1.3
apache/cloudstack
2.1.4
apache/cloudstack
2.1.5
apache/cloudstack
2.1.6
apache/cloudstack
2.1.7
... and 23 more
Published
Aug 19, 2013
Tracked Since
Feb 18, 2026