CVE-2014-0176

CloudForms 3.0 Management Engine <5.2.4.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (1)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2014-0816.html

Scores

EPSS 0.0032

EPSS Percentile 54.6%

Details

CWE

CWE-79

Status published

Products (8)

redhat/cloudforms_3.0_management_engine < 5.2.4

redhat/cloudforms_3.0_management_engine

n/a/n/a

Published Jul 07, 2014

Tracked Since Feb 18, 2026