Skip to main content

Ovirt Engine CVE-2016-3113

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2017-08-07 secalert@redhat.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 07, 2017 - 20:29 cve.org
MEDIUM 6.1

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.

AnalysisAI

Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. Affected products include: Redhat Ovirt-Engine.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-0822 HIGH POC
7.5 Jan 25

An authentication bypass vulnerability was found in overt-engine. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2014-7851 HIGH
7.5 Oct 16

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote au

CVE-2014-0152 MEDIUM
6.8 Sep 08

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack w

CVE-2014-0151 MEDIUM
6.8 Feb 13

Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the

CVE-2016-3077 MEDIUM
6.5 Jun 06

The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of

CVE-2020-35497 MEDIUM
6.5 Dec 21

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal informat

CVE-2022-3193 MEDIUM
6.1 Sep 28

An HTML injection/reflected Cross-site scripting (XSS) vulnerability was found in the ovirt-engine. Rated medium severit

CVE-2020-14333 MEDIUM
6.1 Aug 18

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable par

CVE-2020-10775 MEDIUM
5.3 Aug 24

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to r

CVE-2018-1073 MEDIUM
5.3 Jun 19

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and inv

CVE-2018-1062 MEDIUM
5.3 Mar 06

A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delet

CVE-2024-7259 MEDIUM
4.9 Sep 26

A flaw was found in oVirt. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack comp

Share

CVE-2016-3113 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy