CVE-2013-4181

Redhat Enterprise Virtualization - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise Virtualization 3 and 3.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (2)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-1210.html

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=988774

Scores

EPSS 0.0026

EPSS Percentile 49.4%

Details

CWE

CWE-79

Status published

Products (3)

redhat/enterprise_virtualization

n/a/n/a

Published Sep 16, 2013

Tracked Since Feb 18, 2026