It was found that PDF export component in CloudForms was vulnerable to cross-side scripting (XSS) as user input was not properly sanitized. An authenticated attacker with privileges to edit compute could use the XSS vulnerability against users, which could lead to arbitrary code execution, and extraction of the anti-CSRF token of a higher privileged user.