VulnerableCode Package Details - pkg:rpm/redhat/google-compute-engine@2.0.0-1?arch=el7cf

Search for packages

Vulnerability	Summary	Fixed by
VCID-65ha-wgr4-eqd4 Aliases: CVE-2013-4492 GHSA-r5hc-9xx5-97rw	Reflective XSS Vulnerability When a translation is missing, the HTML exception message raised does not escape the keys. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.	There are no reported fixed by versions.
VCID-6v7d-wwrd-5bbr Aliases: CVE-2016-5383	CloudForms: Lack of field filters on user input	There are no reported fixed by versions.
VCID-dysm-mxnw-xfgu Aliases: CVE-2017-2639	CloudForms: cloudforms fails to properly check certificates when communicating with RHEV and OpenShift and custom CA	There are no reported fixed by versions.
VCID-rqh3-c53s-vuee Aliases: CVE-2017-15125	cloudforms: XSS in self-service UI snapshot feature	There are no reported fixed by versions.
VCID-z5na-uzmt-x3gr Aliases: CVE-2016-4457	CFME: default certificate used across all installs	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-65ha-wgr4-eqd4
Aliases:
CVE-2013-4492
GHSA-r5hc-9xx5-97rw

Reflective XSS Vulnerability When a translation is missing, the HTML exception message raised does not escape the keys. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.