{"containers": {"cna": {"affected": [{"product": "cloudforms", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "5.9.0.22"}]}], "datePublic": "2017-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS however not all browsers support CSP."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-28T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15125"}, {"name": "RHSA-2018:0380", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0380"}, {"name": "102287", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102287"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-15125", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "cloudforms", "version": {"version_data": [{"version_value": "5.9.0.22"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS however not all browsers support CSP."}]}, "impact": {"cvss": [[{"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15125", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15125"}, {"name": "RHSA-2018:0380", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0380"}, {"name": "102287", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102287"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:50:16.404Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15125"}, {"name": "RHSA-2018:0380", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0380"}, {"name": "102287", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102287"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-15125", "datePublished": "2018-07-27T15:00:00", "dateReserved": "2017-10-08T00:00:00", "dateUpdated": "2024-08-05T19:50:16.404Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C015BD8-6D27-4273-9FA5-F8BC43E5D8CB", "versionEndExcluding": "5.9.0.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS however not all browsers support CSP."}, {"lang": "es", "value": "Se ha encontrado un fallo en CloudForms en versiones anteriores a la 5.9.0.22 en la funci\u00f3n de instant\u00e1nea de la interfaz de usuario de autoservicio, donde el campo de nombre no est\u00e1 correctamente saneado para la entrada de c\u00f3digo HTML y JavaScript. Un atacante podr\u00eda aprovechar este fallo para ejecutar un ataque de Cross-Site Scripting (XSS) persistente en un administrador de aplicaciones que emplee CloudForms. N\u00f3tese que el CSP (Content Security Policy) evita la explotaci\u00f3n de este Cross-Site Scripting (XSS). Sin embargo, no todos los navegadores soportan CSP."}], "id": "CVE-2017-15125", "lastModified": "2024-11-21T03:14:07.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-27T15:29:00.390", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102287"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0380"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0380"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15125"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Yadnyawalk Tale (Red Hat).", "affected_release": [{"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "ansible-0:2.4.3.0-1.el7ae", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "ansible-tower-0:3.1.5-3.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "bubblewrap-0:0.1.7-1.el7", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-0:5.9.0.22-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-amazon-smartstate-0:5.9.0.22-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-appliance-0:5.9.0.22-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "cfme-gemset-0:5.9.0.22-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "dbus-api-service-0:1.0.1-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "dumb-init-0:1.2.0-1.el7", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "erlang-0:19.0.4-1.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "freeipmi-0:1.5.1-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "google-compute-engine-0:2.0.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "google-config-0:2.0.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "httpd-configmap-generator-0:0.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "nginx-1:1.10.2-1.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "postgresql94-0:9.4.15-3PGDG.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "prince-0:9.0r2-10.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "python-crypto-0:2.6.1-16.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "python-jmespath-0:0.9.0-4.el7ae", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "python-meld3-0:0.6.10-1.el7", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "python-paramiko-0:2.1.1-2.el7ae", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "qpid-proton-0:0.19.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rabbitmq-server-0:3.6.9-1.el7at", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-postgresql95-postgresql-pglogical-0:2.1.0-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-postgresql95-repmgr-0:3.1.3-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-bcrypt-0:3.1.11-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-ffi-0:1.9.18-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-hamlit-0:2.7.5-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-http_parser.rb-0:0.6.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-json-0:2.0.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-linux_block_device-0:0.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-memory_buffer-0:0.1.0-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-nio4r-0:2.1.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-nokogiri-0:1.8.1-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-ovirt-engine-sdk4-0:4.2.1-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-pg-0:0.18.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-puma-0:3.7.1-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-qpid_proton-0:0.19.0-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-redhat_access_cfme-0:2.0.2-2.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-redhat_access_lib-0:1.1.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-rugged-0:0.25.1.1-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-sqlite3-0:1.3.13-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-unf_ext-0:0.0.7.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "rh-ruby23-rubygem-websocket-driver-0:0.6.5-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "smem-0:1.4-1.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "supervisor-0:3.1.4-1.el7", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}, {"advisory": "RHSA-2018:0380", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.9::el7", "package": "wmi-0:1.3.14-7.el7cf", "product_name": "CloudForms Management Engine 5.9", "release_date": "2018-03-01T00:00:00Z"}], "bugzilla": {"description": "cloudforms: XSS in self-service UI snapshot feature", "id": "1517396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517396"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-79", "details": ["A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS however not all browsers support CSP.", "A flaw was found in CloudForms in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS however not all browsers support CSP."], "name": "CVE-2017-15125", "public_date": "2017-12-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-15125\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15125"], "statement": "This issue affects the versions of cfme as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}