Cloudforms@3.0 Security Vulnerabilities and Issues — Cloudforms@3.0 CVE List

Lucene search

RedhatCloudforms3.0

6 matches found

CVE•added 2019/11/01 7:15 p.m.•178 views

CVE-2013-0186

Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS6AI score0.00401EPSS

CVE•added 2014/02/20 3:27 p.m.•114 views

CVE-2014-0081

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) u...

4.3CVSS5.9AI score0.00885EPSS

CVE•added 2014/03/18 5:2 p.m.•61 views

CVE-2014-0057

The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.

7.5CVSS6.6AI score0.00703EPSS

CVE•added 2019/12/13 1:15 p.m.•58 views

CVE-2014-0197

CFME: CSRF protection vulnerability via permissive check of the referrer header

8.8CVSS8.7AI score0.00356EPSS

CVE•added 2014/01/23 1:55 a.m.•53 views

CVE-2013-6443

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

6.8CVSS7AI score0.00095EPSS

CVE•added 2019/11/04 1:15 p.m.•47 views

CVE-2013-4423

CloudForms stores user passwords in recoverable format

5.5CVSS5.5AI score0.00104EPSS