cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2018-10854,https://securityvulnerability.io/vulnerability/CVE-2018-10854,Cross-Site Scripting Vulnerability in CloudForms by Red Hat,"A vulnerability has been identified in CloudForms, affecting versions 5.8 and 5.9. This flaw is linked to the v2v infrastructure mapping delete feature, where improper sanitization of user input in the Name field allows for stored cross-site scripting attacks. An attacker could exploit this vulnerability to execute arbitrary scripts in the context of a user's session, potentially compromising their data and actions.",Red Hat,Cloudforms,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2019-11-22T11:51:08.000Z,0
CVE-2019-10177,https://securityvulnerability.io/vulnerability/CVE-2019-10177,Stored Cross-Site Scripting Vulnerability in CloudForms by Red Hat,"A stored cross-site scripting vulnerability exists within the PDF export component of CloudForms versions 5.9 and 5.10. This flaw arises because user input is not adequately sanitized, allowing attackers with minimal privileges to edit compute resources to launch XSS attacks against other users. Such exploitation may lead to the execution of malicious code and the unauthorized extraction of anti-CSRF tokens, potentially compromising the security of higher-privileged users.",Red Hat,Cloudforms,6.5,MEDIUM,0.0010000000474974513,false,,false,false,false,,,false,false,,2019-06-27T20:50:45.000Z,0
CVE-2017-15123,https://securityvulnerability.io/vulnerability/CVE-2017-15123,Improper Access Control in CloudForms Web Interface by Red Hat,"A security flaw in the CloudForms web interface (versions 5.8 - 5.10) allows unauthorized users to access RSS feed URLs without proper authentication. This vulnerability could result in the exposure of sensitive information, including details about newly created virtual machines. Proper security measures should be implemented to prevent unauthorized access and protect sensitive data.",Red Hat,Cloudforms,5.3,MEDIUM,0.00139999995008111,false,,false,false,false,,,false,false,,2019-06-12T13:39:34.000Z,0
CVE-2017-2653,https://securityvulnerability.io/vulnerability/CVE-2017-2653,Cross-Site Request Forgery Vulnerability in CloudForms by Red Hat,"CloudForms, prior to version 5.7.2.1, exposes certain unused delete routes that can be manipulated through GET requests instead of the intended POST requests. This flaw can potentially allow an attacker to circumvent XSRF protections, providing an opportunity to exploit the application using various attack vectors. Successful exploitation would likely require additional techniques, such as cross-site scripting, to fully leverage this vulnerability.",Red Hat,Cloudforms,4.1,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2018-07-27T18:00:00.000Z,0
CVE-2017-15125,https://securityvulnerability.io/vulnerability/CVE-2017-15125,Cross-Site Scripting Flaw in CloudForms by Red Hat,"A security flaw exists in the CloudForms self-service UI where the name field does not adequately sanitize HTML and JavaScript inputs. This may allow an attacker to execute a stored cross-site scripting attack on an application administrator. Although implementing Content Security Policy (CSP) can help mitigate this issue, it is important to note that not all browsers offer support for CSP, leaving some users potentially vulnerable.",Red Hat,Cloudforms,6.5,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2018-07-27T15:00:00.000Z,0
CVE-2017-2664,https://securityvulnerability.io/vulnerability/CVE-2017-2664,Privilege Escalation Vulnerability in CloudForms Management Engine by Red Hat,"CloudForms Management Engine prior to version 5.7.3 and versions 5.8.0 prior to 5.8.1 are susceptible to a privilege escalation vulnerability due to the absence of Role-Based Access Control (RBAC) on specific methods within the Rails application layer. Malicious actors with access to the application can exploit these methods to gain elevated privileges, potentially compromising sensitive data and operations. This weakness underscores the importance of implementing robust access controls within enterprise applications.",Red Hat,Cloudforms,6.5,MEDIUM,0.0016700000269338489,false,,false,false,false,,,false,false,,2018-07-26T14:00:00.000Z,0
CVE-2017-12191,https://securityvulnerability.io/vulnerability/CVE-2017-12191,Flaw in VMware CloudForms Account Configuration Allows Unauthorized Access,"A security issue exists in VMware CloudForms due to improper account configuration, leading to the use of a shared account with privileged access to VMware Remote Console (VMRC) functions. This flaw may allow unauthorized users to access and modify settings within the VMRC and associated virtual machines, potentially compromising their security.",Red Hat,Cloudforms,7.4,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2018-02-28T13:00:00.000Z,0