3 matches found
CVE-2019-19336
CVE-2019-19336 affects oVirt-engine (OAuth authorization endpoint); the vulnerability is a reflected XSS via the response_type parameter, enabling script execution in a user’s session. Affected versions before 4.3.8 are vulnerable. Remediation: update to 4.3.8 or later (per initial description). ...
RHEL 7 : Red Hat Virtualization Engine (RHSA-2020:0498)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0498 advisory. - ovirt-engine: responsetype parameter allows reflected XSS CVE-2019-19336 Note that Nessus has not tested for this issue but has instead relied only...
CVE-2019-19336
A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session...