CVE-2014-0152
CVE-2014-0152 affects oVirt Web Admin Interface (3.4.0 and earlier). Root cause: after authentication, a new session ID is not generated and session IDs may be stored in HTML5 local storage, not protected by same-origin policy. This enables a remote attacker to hijack a logged-in user’s session v...