Stored Cross-Site Scripting Vulnerability in CloudForms v2v Infrastructure Mapping Delete Feature

CVE-2018-10854 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.

Learn more about our Infrastructure Penetration Testing.