CVE-2019-10177 is a vulnerability in Red Hat Cloudforms Management Engine
Published on June 27, 2019
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute a XSS attack against other users, which could lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2019-10177 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2019-10177
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10177 are published in Red Hat Cloudforms Management Engine:
Affected Versions
Red Hat CloudForms Version 5.9, 5.10 is affected by CVE-2019-10177Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.