CVE-2018-10854
MEDIUMRed Hat CloudForms Management Engine 5.8-5.9 - Stored Cross-Site Scripting in v2v Infrastructure Mapping Delete Feature
Title source: llmDescription
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10854
Scores
CVSS v3
5.4
EPSS
0.0027
EPSS Percentile
50.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
redhat/cloudforms_management_engine
4.7
redhat/cloudforms_management_engine
5.8
redhat/cloudforms_management_engine
5.9
Published
Nov 22, 2019
Tracked Since
Feb 18, 2026